Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Backdoor.messa

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 01.03.2012, 05:22   #1
rka0
 
Backdoor.messa - Standard

Backdoor.messa



Auch ich habe heute morgen Bekanntschaft mit dem "Bitte zahlen Sie für Ihr blockiertes Windows-System"-Screen gemacht.
Habe Malwarebyte und SUPERAntiSpyware laufen lassen und backdoor.messa aus c:/user entfernt.
Hier noch ein paar Logfiles.
Was ist conime.exe? Ist mir noch nie aufgefallen vorher.
Angehängte Dateien
Dateityp: zip Logs.zip (27,1 KB, 79x aufgerufen)

Alt 01.03.2012, 21:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Backdoor.messa - Standard

Backdoor.messa



Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?




Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten
__________________

__________________

Alt 01.03.2012, 22:01   #3
rka0
 
Backdoor.messa - Standard

Backdoor.messa



Danke für die Antwort. Heute hattet Ihr bestimmt Sonderschichten. Ich habe nun Reinigungen mit Avira Premium, Malware Antispyware, TDSS Killer und Super-Antispyware durchgeführt, nachdem ich heute morgen eine Systemwiederherstellung von vorgestern durchführen musste. Das System scheint nun sauber zu sein. Die Conime.exe ist laut Virus-Total auch in Ordnung. Wenn Du magst, kannst Du Dir noch mal das OTL-Logfile anschauen von jetzt gerade eben; So richtig sicher fühle ich mich nicht.

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 01.03.2012 21:55:48 - Run 1
OTL by OldTimer - Version 3.2.33.2     Folder = E:\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 48,43% Memory free
8,19 Gb Paging File | 5,60 Gb Available in Paging File | 68,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 542,64 Gb Total Space | 333,78 Gb Free Space | 61,51% Space Free | Partition Type: NTFS
Drive E: | 388,87 Gb Total Space | 140,30 Gb Free Space | 36,08% Space Free | Partition Type: NTFS
 
Computer Name: SCHWOBB | User Name: TimR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [printdir] -- %windir%\printdir.bat "%1" ()
Directory [viewdir] -- %windir%\viewdir.bat "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [printdir] -- %windir%\printdir.bat "%1" ()
Directory [viewdir] -- %windir%\viewdir.bat "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 74 0C 11 2E 7B 3E CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4223294054-2252070966-736884885-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4477FA8D-3113-4A0B-83E8-959945A6A22C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4C427A99-ABE1-4EBD-9E4D-9B138C1B66F3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{55E3523C-6171-435C-A9EF-1B0E0E094B79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{568E007D-AFC2-4E11-A42B-C66E76FA6D4A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5B55C178-1937-414A-9487-88354171A362}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6736D996-E0C0-4B38-9466-7BFFF17DBCDE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{696862F2-6F44-4A15-9852-83D3A0741E52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{AA30B040-BD51-44F7-806D-F271DD1F50FE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{AECCC0DB-FF04-4DE7-8FC0-3EA0B2CD842A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{BC72F7DE-0C34-4BDE-8550-FDA9070B6524}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BE5CB16F-CEBD-4A43-8E6B-ABCAEFA20422}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C8537E1A-BBAD-4B9D-944B-723FECD79656}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CE6B037B-7127-4C90-A1EC-3C2CEAD6562D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5D957FD-2D68-4153-B9A7-29CDB53F8726}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{EC5ACE10-4558-4062-B185-355BED1F517B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{F2CDDA80-20A9-443B-8633-1AB8AF74B9A6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{F5808458-9922-49CF-BBD5-1DBB5633C726}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{F8CADC18-D3ED-4AFC-A795-87D3BA1FECDA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A35158F-F293-4E36-A204-4589CB9E86CC}" = protocol=17 | dir=in | app=c:\games\dragon age 2\dragonage2launcher.exe | 
"{0BF80E0A-1217-4F49-8B25-F734C7BB9EBA}" = protocol=6 | dir=in | app=c:\games\dragon age origins character creator\bin_ship\daocharactercreator.exe | 
"{210A96D1-1ED2-4A89-8754-A8C10FBCA281}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{2E2D6E2D-7980-4075-9F67-D76C1052AF73}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | 
"{2FEFA728-B679-40EB-9B68-8ABB5D264DD5}" = protocol=6 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe | 
"{316CC107-8BA3-43AA-81A5-52E1C2D1B0D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{31D20E3C-7DD3-4A7F-830D-A072ACA37C06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3A31AF01-02A0-4CE9-A64C-155BCD65EA90}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{41D50E12-810D-4FD2-B0F9-3607DE7926EB}" = protocol=6 | dir=in | app=c:\games\dragon age 2\dragonage2launcher.exe | 
"{49FDF1AB-4178-4F9C-88D1-8FB6BD5D1E01}" = protocol=17 | dir=in | app=c:\games\dragon age origins character creator\bin_ship\daocharactercreator.exe | 
"{500C952F-58B1-41A5-BA6B-1BEE2D6FF270}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{5265ED28-5B54-4D97-BFC6-A07CB81259CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{586AF009-E95C-48AA-B00F-468DDF1284D1}" = protocol=17 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe | 
"{5DFC933E-F76A-4C22-BC0C-CC703701F9B5}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe | 
"{65C73A0A-26D0-4E3C-91E1-03680BAF65A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{7B7AF574-6F98-4669-8373-F66065192B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{7EF5873E-4968-4E5F-979C-F32CAEA46974}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{882F1618-4606-4B40-BECA-E091B33003E8}" = protocol=17 | dir=in | app=c:\games\dragon age origins character creator\daoriginslauncher.exe | 
"{8B195E4F-384D-4DC5-B7A3-EC3133CDB24B}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | 
"{9000D64F-FE9D-4A22-93E3-4C1B8FA1CDD1}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{93FB028E-A5BC-4A21-AEF9-B9654A0058A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{96395879-6386-4469-947D-6548A72205D9}" = protocol=6 | dir=in | app=c:\games\dragon age origins character creator\daoriginslauncher.exe | 
"{A6AF9EE1-6F0A-4CE7-B425-7C9C36728773}" = protocol=6 | dir=in | app=c:\users\timr\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A8D2A0EF-6ABA-464B-BF2F-6ADB2D788F8B}" = protocol=17 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe | 
"{AA613AE4-8B8F-4194-BCA8-9D88CD77551F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{B54949CC-26F7-4400-90C0-5245BD97D54B}" = protocol=6 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe | 
"{C0DE0596-2E04-4A65-BC15-458DC875D2C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{C83B19F8-C1D4-411C-BE35-9CC6BB620234}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe | 
"{D0910AD6-CE64-4501-B5AE-49FCB0ACFA55}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe | 
"{E4BB4EB9-FDA8-499B-83B0-449BF72B177C}" = protocol=17 | dir=in | app=c:\users\timr\appdata\roaming\dropbox\bin\dropbox.exe | 
"{E9F56AF2-AE88-4AEA-921C-282CE7F40E7A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe | 
"{EF3BB84A-AC0A-43F5-88AE-3FF22FC5BC16}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe | 
"{F6AEB06C-67B5-4E6E-902F-2BF5F910F3DB}" = protocol=17 | dir=in | app=c:\games\dragon age 2\bin_ship\dragonage2.exe | 
"{F6B212D3-E50B-4DA7-920B-90D05A46188F}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe | 
"{F797AE50-8C59-40F0-B7ED-05D95DBDCC60}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{F8272D9E-97CF-4841-B4C8-488C605B2A86}" = protocol=6 | dir=in | app=c:\games\dragon age 2\bin_ship\dragonage2.exe | 
"TCP Query User{129D2307-0DA5-4E24-87F5-D9C3188880E5}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{27404428-D206-4C31-B3B6-7E4C2B3581A9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{2C3282C2-198D-43A1-A30B-F276126CDA6D}C:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{4995D3C3-963F-4A1F-BA4B-18FB318CB92C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{85003D8B-0BB0-42C3-AC4F-FFF754CF180F}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe | 
"TCP Query User{A5A72B48-5285-4B0C-9D4D-082324882A6C}E:\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=e:\downloads\mtgoiii_helper.exe | 
"TCP Query User{BDB18F33-577C-4CBD-9E81-07C7BE21A4F8}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{C712E825-2754-4E49-B316-5AE112F9E34A}C:\program files (x86)\jalview\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jalview\jre\bin\javaw.exe | 
"TCP Query User{E51EBB60-5941-4E93-B6FD-0427E07DDB55}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{F1324664-CB05-4876-88C2-8698688D3871}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"TCP Query User{FD9B905F-DE70-4B5F-95D7-FF3C56963184}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{01460080-EE11-479D-91B9-7686F3BEF8DA}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{18443F21-3A77-41AB-B225-8026C2AACA33}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{1B971F43-8E2B-4BBB-AF56-DFC4EA7927B9}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{44E3D32E-9E8C-482B-81D5-0529AAF0D481}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe | 
"UDP Query User{5B83FC51-C1C2-4B13-82CF-42387496276D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"UDP Query User{72D85336-46AF-4EDF-87ED-DF4272ABC983}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{8CEAA539-77E2-42D5-B3A3-8D2B037729FA}E:\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=e:\downloads\mtgoiii_helper.exe | 
"UDP Query User{B14084CB-CAE4-4F2C-95AA-7852A6DBA68D}C:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{C73C523C-CC4D-48C0-BC12-5BE65295C9CE}C:\program files (x86)\jalview\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jalview\jre\bin\javaw.exe | 
"UDP Query User{EE3BCC10-3C2E-46E9-A6EA-40637E410F9D}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe | 
"UDP Query User{F92A0005-4A2D-4221-B1BE-755989000F52}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}" = ccc-utility64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67303AC9-A9BA-E413-0001-AAC1C812947C}" = AMD Fuel
"{69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE}" = AMD Fuel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"sp6" = Logitech SetPoint 6.32
"VLC media player" = VLC media player 2.1.0-git-20120217-1212
"WinRAR archiver" = WinRAR 4.11 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{136F3A0B-5783-47AC-8DB7-1611ED879FA1}" = ClustalX2
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1BF82343-8EE6-8B76-90CF-31059B9D1842}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{217B8A26-B479-4361-8771-57E323D6F991}" = EtikettenAssistent 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C57D8CB-FFB6-4B58-8C07-9F2D63E05990}" = FreeUndelete 2.0.34689.1
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{69FC0FD9-BA3D-45B0-88AF-C39B4121A070}" = MP3Find pro V5.02
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}" = AMD VISION Engine Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{82808A16-D448-4FBF-9AE9-75AF3FC240DC}_is1" = MEGA5
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3ACD510-85D8-458B-9954-34DB004F2287}" = PC Connectivity Solution
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Dragon Age: Origins Character Creator
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2903F16-9A5A-4292-9D97-8328088086B6}" = forteManager
"{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}" = Catalyst Control Center Graphics Previews Common
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = AMD VISION Engine Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1505-7129-3447-4151" = SplitsTree4 4.11.3
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Anti-Twin 2011-07-08 08.59.05" = Anti-Twin (Installation 08.07.2011)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Premium
"ClassicPro" = ClassicPro© v1.14
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative-Diagnose
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileHippo.com" = FileHippo.com Update Checker
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.3.3
"Freemake Video Downloader_is1" = Freemake Video Downloader version 2.0.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inkscape" = Inkscape 0.48.1 
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Jalview" = Jalview
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Opera 11.61.1250" = Opera 11.61
"Origin" = Origin
"PDF Blender" = PDF Blender
"PowerMenu" = PowerMenu 1.51
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Secunia PSI" = Secunia PSI (3.0.0.0004)
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Trillian" = Trillian
"URLSnooper 2_is1" = URL Snooper v2.29.01
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"xp-AntiSpy" = xp-AntiSpy 3.98-2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BioLayout Express 3D Web Start Version" = BioLayout Express 3D Web Start Version
"Dropbox" = Dropbox
"LCDSirReal" = LCDSirReal - a multipurpose plugin for the Logitech G13/G15
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.03.2012 04:01:11 | Computer Name = Schwobb | Source = VSS | ID = 13
Description = 
 
Error - 01.03.2012 04:01:11 | Computer Name = Schwobb | Source = VSS | ID = 8193
Description = 
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 13
Description = 
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 8193
Description = 
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 13
Description = 
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 8193
Description = 
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 13
Description = 
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 8193
Description = 
 
Error - 01.03.2012 05:43:34 | Computer Name = Schwobb | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 01.03.2012 05:43:34 | Computer Name = Schwobb | Source = Windows Search Service | ID = 3013
Description = 
 
[ OSession Events ]
Error - 18.01.2010 11:21:51 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3857
 seconds with 3600 seconds of active time.  This session ended with a crash.
 
Error - 06.05.2010 17:29:52 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 893
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 15.06.2011 11:56:39 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 55
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.07.2011 16:58:16 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11821
 seconds with 1740 seconds of active time.  This session ended with a crash.
 
Error - 17.08.2011 12:03:02 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12606
 seconds with 2280 seconds of active time.  This session ended with a crash.
 
Error - 11.09.2011 12:02:08 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12489
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.03.2012 04:02:28 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.03.2012 05:37:41 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.03.2012 05:37:41 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 01.03.2012 05:43:05 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 01.03.2012 06:36:45 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.03.2012 10:57:44 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 01.03.2012 11:28:36 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 01.03.2012 11:31:10 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 01.03.2012, 22:01   #4
rka0
 
Backdoor.messa - Standard

Backdoor.messa



Code:
ATTFilter
OTL logfile created on: 01.03.2012 21:55:48 - Run 1
OTL by OldTimer - Version 3.2.33.2     Folder = E:\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 48,43% Memory free
8,19 Gb Paging File | 5,60 Gb Available in Paging File | 68,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 542,64 Gb Total Space | 333,78 Gb Free Space | 61,51% Space Free | Partition Type: NTFS
Drive E: | 388,87 Gb Total Space | 140,30 Gb Free Space | 36,08% Space Free | Partition Type: NTFS
 
Computer Name: SCHWOBB | User Name: TimR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.01 04:27:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2012.02.24 14:02:30 | 001,294,904 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.02.24 14:02:28 | 000,656,440 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.02.16 16:11:52 | 001,019,872 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\Program Files (x86)\GPUZ\GPU-Z.0.5.9.exe
PRC - [2012.01.27 07:57:23 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011.06.29 19:42:50 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.06.29 19:42:50 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.06.29 19:42:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 19:47:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.08 08:26:23 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.07.07 20:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.07.07 20:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010.07.05 16:17:16 | 000,191,488 | ---- | M] () -- C:\Users\TimR\Documents\LCDSirReal\LCDSirReal.exe
PRC - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.01 16:15:07 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_221.dll
MOD - [2010.07.05 16:17:16 | 000,191,488 | ---- | M] () -- C:\Users\TimR\Documents\LCDSirReal\LCDSirReal.exe
MOD - [2009.06.29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2007.09.13 18:05:22 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.01 16:33:35 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.24 14:02:30 | 001,294,904 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.02.24 14:02:28 | 000,656,440 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.25 21:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files (x86)\ATI\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files (x86)\SAS\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.06.29 19:42:50 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.06.29 19:42:50 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.06.29 19:42:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 19:47:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.10 00:42:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.12.10 00:23:18 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.12.08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.12.08 05:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.12.08 05:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.12.08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.11.10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.17 18:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.06.29 19:42:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 19:42:50 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.12.21 06:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 06:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 06:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.07.07 22:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010.07.07 22:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.07.07 22:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.07.07 22:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.07.07 22:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.07.07 22:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.07.07 22:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.07.07 22:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SAS\SASDIFSV64.SYS -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SAS\SASKUTIL64.SYS -- (SASKUTIL)
DRV - [2008.08.08 13:52:48 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008.08.08 13:52:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB F2 93 D9 5A EE CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_221.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120217-1212: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_221.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
 
 
O1 HOSTS File: ([2011.03.13 15:15:23 | 000,431,157 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14842 more lines...
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\Logitech\SetPoint\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\11-12\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 195.50.140.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6659378C-9D4A-4D5D-882C-148AEC3A7B09}: DhcpNameServer = 195.50.140.116 195.50.140.180
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Winter Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Winter Leaves.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.25 20:18:54 | 000,000,035 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\AutoRun\command - "" = G:\jeti\\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\explore\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\install\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\open\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{6422d340-9cc8-11df-91e9-00261822e3e6}\Shell\AutoRun\command - "" = F:\shelexec.exe .\Vaillant\index.htm
O33 - MountPoints2\{9096f5b5-e885-11de-8e98-00261822e3e6}\Shell - "" = AutoRun
O33 - MountPoints2\{9096f5b5-e885-11de-8e98-00261822e3e6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d658de6e-a9f3-11de-96c7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d658de6e-a9f3-11de-96c7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.01 17:13:02 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\vlc
[2012.03.01 17:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLC
[2012.03.01 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.01 17:01:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.01 17:01:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.01 17:01:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.01 17:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.03.01 16:33:28 | 008,756,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.03.01 16:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.01 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\Secunia PSI
[2012.03.01 16:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.03.01 16:15:07 | 000,417,440 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.03.01 16:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012.03.01 16:09:32 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.01 16:09:32 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.01 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SAS
[2012.03.01 04:45:18 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\SUPERAntiSpyware.com
[2012.03.01 04:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.03.01 04:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAntiSpyware
[2012.03.01 04:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegSeeker
[2012.03.01 04:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java(0)
[2012.02.17 20:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.02.17 15:17:56 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\LogiShrd
[2012.02.17 15:17:35 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.02.17 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012.02.17 15:13:47 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Logitech
[2012.02.17 15:13:47 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Logishrd
[2012.02.17 08:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.02.17 08:53:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.02.17 08:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.02.17 07:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.17 07:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.02.17 07:49:35 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Origin
[2012.02.17 07:49:15 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\Origin
[2012.02.17 07:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.02.16 16:44:17 | 000,000,000 | R--D | C] -- C:\Users\TimR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.02.16 16:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xp-AntiSpy
[2012.02.16 16:28:46 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tools
[2012.02.16 06:44:02 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.16 06:44:01 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.16 06:44:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.16 06:44:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.16 06:44:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.16 06:44:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.16 06:44:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.16 06:43:59 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.16 06:43:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.16 06:43:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.16 06:43:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.16 06:29:38 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.13 09:26:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.02.05 19:32:28 | 000,000,000 | ---D | C] -- C:\Users\TimR\Documents\SelfMV
[2012.02.05 17:45:50 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudserd.sys
[2012.02.05 17:45:50 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.02.05 17:45:50 | 000,098,616 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.02.05 17:39:59 | 001,917,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01005.dll
[2012.02.05 17:39:59 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012.02.05 17:39:59 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012.02.05 17:39:58 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012.02.05 17:39:58 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012.02.05 17:39:58 | 000,146,920 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadserd.sys
[2012.02.05 17:39:58 | 000,036,328 | ---- | C] (Google Inc) -- C:\Windows\SysNative\drivers\ssadadb.sys
[2012.02.05 17:39:58 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012.02.05 17:39:58 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012.02.05 17:39:58 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012.01.31 22:17:43 | 000,000,000 | R--D | C] -- C:\Users\TimR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.01 21:56:30 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 21:56:30 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 21:33:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.01 17:15:59 | 000,225,280 | ---- | M] () -- C:\Users\TimR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.01 17:00:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.03.01 17:00:59 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.01 17:00:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.01 17:00:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.01 16:33:35 | 000,417,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.03.01 16:33:35 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.03.01 16:33:28 | 008,756,384 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.03.01 16:09:23 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.01 16:09:22 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.01 16:02:25 | 001,560,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.01 16:02:25 | 000,671,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.01 16:02:25 | 000,632,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.01 16:02:25 | 000,144,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.01 16:02:25 | 000,118,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.01 15:56:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.01 14:01:05 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.01 14:01:05 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.01 14:01:05 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.01 11:35:16 | 000,298,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.01 08:56:29 | 000,029,124 | ---- | M] () -- C:\Users\TimR\Documents\Logs.zip
[2012.02.17 15:48:48 | 000,000,569 | ---- | M] () -- C:\Users\TimR\.jalview_properties
[2012.02.17 15:41:55 | 000,008,158 | ---- | M] () -- C:\Users\TimR\Desktop\mecr1.rar
[2012.02.17 15:33:17 | 000,016,812 | ---- | M] () -- C:\Users\TimR\Desktop\mecA.rar
[2012.02.17 15:17:35 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.01 16:15:08 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.01 11:35:07 | 000,298,472 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.01 05:21:26 | 000,029,124 | ---- | C] () -- C:\Users\TimR\Documents\Logs.zip
[2012.02.17 15:41:55 | 000,008,158 | ---- | C] () -- C:\Users\TimR\Desktop\mecr1.rar
[2012.02.17 15:33:16 | 000,016,812 | ---- | C] () -- C:\Users\TimR\Desktop\mecA.rar
[2012.02.17 15:24:06 | 000,000,569 | ---- | C] () -- C:\Users\TimR\.jalview_properties
[2011.12.05 11:23:16 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.10 17:51:06 | 000,000,680 | ---- | C] () -- C:\Users\TimR\AppData\Local\d3d9caps.dat
[2011.03.10 15:24:13 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.03.10 15:24:13 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.03.10 15:24:13 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.03.10 15:23:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.10 00:19:41 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.12.10 00:19:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.11.12 09:12:38 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010.09.03 17:19:13 | 001,539,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.07 21:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.07.07 20:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.07.07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010.07.07 20:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.07.07 20:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.07.07 20:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.07.07 20:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.05.23 22:25:12 | 000,201,122 | ---- | C] () -- C:\Windows\SysWow64\Cavort10.dll
[2010.05.23 22:25:12 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Unlha.dll
[2010.05.23 22:25:12 | 000,066,113 | ---- | C] () -- C:\Windows\SysWow64\Cavordd.dll
[2010.05.23 22:25:12 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\Cavosysc.dll
[2010.05.23 22:25:07 | 000,000,098 | ---- | C] () -- C:\Windows\twland.ini

< End of report >
         

Geändert von rka0 (01.03.2012 um 22:08 Uhr)

Alt 01.03.2012, 22:09   #5
rka0
 
Backdoor.messa - Standard

Backdoor.messa



Und der Avira-Bericht vor der Reinigung heute mittag:
Code:
ATTFilter

Avira AntiVir Premium
Erstellungsdatum der Reportdatei: Donnerstag, 1. März 2012  11:54

Es wird nach 3511092 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Tim Richter
Seriennummer   : 2219046607-PEPWE-0000001
Plattform      : Windows Vista x64
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : SCHWOBB

Versionsinformationen:
BUILD.DAT      : 10.2.0.735     36344 Bytes  25.01.2012 12:44:00
AVSCAN.EXE     : 10.3.0.7      484008 Bytes  29.06.2011 18:42:50
AVSCAN.DLL     : 10.0.5.0       57192 Bytes  29.06.2011 18:42:50
LUKE.DLL       : 10.3.0.5       45416 Bytes  29.06.2011 18:42:50
LUKERES.DLL    : 10.0.0.0       13672 Bytes  08.11.2010 07:26:37
AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  29.06.2011 18:42:50
AVREG.DLL      : 10.3.0.9       88833 Bytes  13.07.2011 05:11:28
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 07:25:40
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 19:07:30
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 07:56:50
VBASE003.VDF   : 7.11.21.238  4472832 Bytes  01.02.2012 06:50:47
VBASE004.VDF   : 7.11.21.239     2048 Bytes  01.02.2012 06:50:47
VBASE005.VDF   : 7.11.21.240     2048 Bytes  01.02.2012 06:50:47
VBASE006.VDF   : 7.11.21.241     2048 Bytes  01.02.2012 06:50:47
VBASE007.VDF   : 7.11.21.242     2048 Bytes  01.02.2012 06:50:47
VBASE008.VDF   : 7.11.21.243     2048 Bytes  01.02.2012 06:50:47
VBASE009.VDF   : 7.11.21.244     2048 Bytes  01.02.2012 06:50:47
VBASE010.VDF   : 7.11.21.245     2048 Bytes  01.02.2012 06:50:47
VBASE011.VDF   : 7.11.21.246     2048 Bytes  01.02.2012 06:50:47
VBASE012.VDF   : 7.11.21.247     2048 Bytes  01.02.2012 06:50:47
VBASE013.VDF   : 7.11.22.33   1486848 Bytes  03.02.2012 14:00:16
VBASE014.VDF   : 7.11.22.56    687616 Bytes  03.02.2012 14:00:17
VBASE015.VDF   : 7.11.22.92    178176 Bytes  06.02.2012 06:01:36
VBASE016.VDF   : 7.11.22.154   144896 Bytes  08.02.2012 07:58:25
VBASE017.VDF   : 7.11.22.220   183296 Bytes  13.02.2012 07:12:07
VBASE018.VDF   : 7.11.23.34    202752 Bytes  15.02.2012 05:24:59
VBASE019.VDF   : 7.11.23.98    126464 Bytes  17.02.2012 08:28:53
VBASE020.VDF   : 7.11.23.150   148480 Bytes  20.02.2012 08:28:53
VBASE021.VDF   : 7.11.23.224   172544 Bytes  23.02.2012 06:45:22
VBASE022.VDF   : 7.11.24.52    219648 Bytes  28.02.2012 03:33:38
VBASE023.VDF   : 7.11.24.53      2048 Bytes  28.02.2012 03:33:38
VBASE024.VDF   : 7.11.24.54      2048 Bytes  28.02.2012 03:33:38
VBASE025.VDF   : 7.11.24.55      2048 Bytes  28.02.2012 03:33:38
VBASE026.VDF   : 7.11.24.56      2048 Bytes  28.02.2012 03:33:38
VBASE027.VDF   : 7.11.24.57      2048 Bytes  28.02.2012 03:33:38
VBASE028.VDF   : 7.11.24.58      2048 Bytes  28.02.2012 03:33:38
VBASE029.VDF   : 7.11.24.59      2048 Bytes  28.02.2012 03:33:38
VBASE030.VDF   : 7.11.24.60      2048 Bytes  28.02.2012 03:33:38
VBASE031.VDF   : 7.11.24.94     60928 Bytes  29.02.2012 03:17:05
Engineversion  : 8.2.10.8  
AEVDF.DLL      : 8.1.2.2       106868 Bytes  26.10.2011 05:04:24
AESCRIPT.DLL   : 8.1.4.7       442746 Bytes  26.02.2012 06:45:27
AESCN.DLL      : 8.1.8.2       131444 Bytes  27.01.2012 05:50:33
AESBX.DLL      : 8.2.4.5       434549 Bytes  01.12.2011 19:29:10
AERDL.DLL      : 8.1.9.15      639348 Bytes  09.09.2011 05:01:56
AEPACK.DLL     : 8.2.16.3      799094 Bytes  11.02.2012 07:58:29
AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  30.12.2011 08:46:25
AEHEUR.DLL     : 8.1.4.0      4436342 Bytes  26.02.2012 06:45:27
AEHELP.DLL     : 8.1.19.0      254327 Bytes  20.01.2012 07:26:51
AEGEN.DLL      : 8.1.5.21      409971 Bytes  04.02.2012 14:00:18
AEEXP.DLL      : 8.1.0.23       70005 Bytes  26.02.2012 06:45:27
AEEMU.DLL      : 8.1.3.0       393589 Bytes  27.11.2010 07:24:51
AECORE.DLL     : 8.1.25.4      201079 Bytes  14.02.2012 07:12:08
AEBB.DLL       : 8.1.1.0        53618 Bytes  08.11.2010 07:26:15
AVWINLL.DLL    : 10.0.0.0       19304 Bytes  08.11.2010 07:25:07
AVPREF.DLL     : 10.0.3.2       44904 Bytes  29.06.2011 18:42:50
AVREP.DLL      : 10.0.0.10     174120 Bytes  18.05.2011 04:36:55
AVARKT.DLL     : 10.0.26.1     255336 Bytes  29.06.2011 18:42:50
AVEVTLOG.DLL   : 10.0.0.9      203112 Bytes  29.06.2011 18:42:50
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  08.11.2010 07:26:40
AVSMTP.DLL     : 10.0.0.17      63848 Bytes  08.11.2010 07:26:26
NETNT.DLL      : 10.0.0.0       11624 Bytes  08.11.2010 07:26:37
RCIMAGE.DLL    : 10.0.0.33    2633064 Bytes  29.06.2011 18:42:50
RCTEXT.DLL     : 10.0.63.0      98664 Bytes  29.06.2011 18:42:50

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 1. März 2012  11:54

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-4223294054-2252070966-736884885-1000\Software\SecuROM\License information\datasecu
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-4223294054-2252070966-736884885-1000\Software\SecuROM\License information\rkeysecu
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\ActiveX\alwaysreclaimassocations
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\ActiveX\qttaskrunflags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ATICustomerCare\CatalystRegistration\lastrundate
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ATICustomerCare\CatalystRegistration\donotaskagain
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
C:\Program Files (x86)\Dragon Age
C:\Program Files (x86)\Dragon Age
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
C:\Games\Dragon Age Origins Character Creator
C:\Games\Dragon Age Origins Character Creator
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
C:\Games\Mass Effect 2
C:\Games\Mass Effect 2
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\dwwriteporttimeout
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\dwgportmutextimeout
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\debugflags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\ecpenable
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\ecprflag
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\ecpwflag
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\debuglog
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\debuglog
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\DivXNetworks\AutoUpdate\18D10072035C4515918F7E37EAFAACFC\lastmodifieddate
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\DivXNetworks\DivX\7B63B2922B174135AFC0E1377DD81EC2\nextupdate
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
C:\Program Files (x86)\ffdshow
C:\Program Files (x86)\ffdshow
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
C:\Program Files (x86)\ffdshow
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.divxa32\fdwsupport
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.divxa32\cformattags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.divxa32\aformattagcache
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.divxa32\cfiltertags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwsupport
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cformattags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aformattagcache
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cfiltertags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwsupport
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cformattags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aformattagcache
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cfiltertags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwsupport
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cformattags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aformattagcache
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cfiltertags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwsupport
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cformattags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aformattagcache
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cfiltertags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwsupport
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cformattags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aformattagcache
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cfiltertags
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
DllHost.exe
C:\Windows\system32\DllHost.exe
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\name
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ODBC\ODBC.INI\CARET32\createtype
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
C:\CA_APPSW\c3trn13.dll
C:\CA_APPSW\c3trn13.dll
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
C:\CA_APPSW\c3trn13.dll
C:\CA_APPSW\c3trn13.dll
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ODBC\ODBC.INI\CARET32\translationname
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\SOLIDSTATENETWORKS\SolidStateSOLO\um
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\version
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\languagefile
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\showintroframe
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winheight
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winwidth
  [HINWEIS]   Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDMedia.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDSirReal.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmplayer.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTXFISPI.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ctxfihlp.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'GPU-Z.0.5.9.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '26' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '253' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows>
C:\Users\TimR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-23c07cac
  [0] Archivtyp: ZIP
  --> buildService/MailAgent.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  --> buildService/VirtualTable.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 4a28d253.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
C:\Users\TimR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1ebc74c7-7870a087
  [0] Archivtyp: ZIP
  --> buildService/MailAgent.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  [HINWEIS]   Eine Sicherungskopie wurde unter dem Namen 528bfdb1.qua erstellt ( QUARANTÄNE )
  [HINWEIS]   Die Datei wurde gelöscht.
Beginne mit der Suche in 'E:\' <Stuff>


Ende des Suchlaufs: Donnerstag, 1. März 2012  13:55
Benötigte Zeit:  2:01:13 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  41188 Verzeichnisse wurden überprüft
 841638 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      2 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 841635 Dateien ohne Befall
   8174 Archive wurden durchsucht
      0 Warnungen
     56 Hinweise
 1032182 Objekte wurden beim Rootkitscan durchsucht
     58 Versteckte Objekte wurden gefunden
         


Alt 02.03.2012, 12:49   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Backdoor.messa - Standard

Backdoor.messa



Zitat:
Ich habe nun Reinigungen mit Avira Premium, Malware Antispyware, TDSS Killer und Super-Antispyware durchgeführt,
Und warum postest du nicht alle Logs
__________________
--> Backdoor.messa

Alt 02.03.2012, 16:13   #7
rka0
 
Backdoor.messa - Standard

Backdoor.messa



TDSS
Code:
ATTFilter
04:31:23.0188 5544	TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
04:31:23.0509 5544	============================================================
04:31:23.0509 5544	Current date / time: 2012/03/01 04:31:23.0509
04:31:23.0509 5544	SystemInfo:
04:31:23.0509 5544	
04:31:23.0509 5544	OS Version: 6.0.6002 ServicePack: 2.0
04:31:23.0509 5544	Product type: Workstation
04:31:23.0509 5544	ComputerName: SCHWOBB
04:31:23.0510 5544	UserName: TimR
04:31:23.0510 5544	Windows directory: C:\Windows
04:31:23.0510 5544	System windows directory: C:\Windows
04:31:23.0510 5544	Running under WOW64
04:31:23.0510 5544	Processor architecture: Intel x64
04:31:23.0510 5544	Number of processors: 4
04:31:23.0510 5544	Page size: 0x1000
04:31:23.0510 5544	Boot type: Normal boot
04:31:23.0510 5544	============================================================
04:31:25.0070 5544	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:31:25.0082 5544	\Device\Harddisk0\DR0:
04:31:25.0116 5544	MBR used
04:31:25.0117 5544	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x43D47178
04:31:25.0117 5544	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x43D47800, BlocksNum 0x309BE800
04:31:25.0225 5544	Initialize success
04:31:25.0225 5544	============================================================
04:31:31.0855 5464	============================================================
04:31:31.0855 5464	Scan started
04:31:31.0855 5464	Mode: Manual; 
04:31:31.0855 5464	============================================================
04:31:32.0995 5464	ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
04:31:33.0009 5464	ACPI - ok
04:31:33.0127 5464	adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
04:31:33.0140 5464	adp94xx - ok
04:31:33.0180 5464	adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
04:31:33.0184 5464	adpahci - ok
04:31:33.0216 5464	adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
04:31:33.0217 5464	adpu160m - ok
04:31:33.0259 5464	adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
04:31:33.0261 5464	adpu320 - ok
04:31:33.0394 5464	AFD             (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
04:31:33.0403 5464	AFD - ok
04:31:33.0459 5464	agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
04:31:33.0460 5464	agp440 - ok
04:31:33.0526 5464	aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
04:31:33.0527 5464	aic78xx - ok
04:31:33.0547 5464	aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
04:31:33.0547 5464	aliide - ok
04:31:33.0752 5464	ALSysIO - ok
04:31:33.0851 5464	amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
04:31:33.0851 5464	amdide - ok
04:31:33.0919 5464	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
04:31:33.0920 5464	amdiox64 - ok
04:31:33.0969 5464	AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
04:31:33.0970 5464	AmdK8 - ok
04:31:34.0997 5464	amdkmdag        (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
04:31:35.0262 5464	amdkmdag - ok
04:31:35.0503 5464	amdkmdap        (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys
04:31:35.0507 5464	amdkmdap - ok
04:31:35.0608 5464	androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
04:31:35.0609 5464	androidusb - ok
04:31:35.0853 5464	AODDriver4.01 - ok
04:31:35.0949 5464	arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
04:31:35.0950 5464	arc - ok
04:31:36.0013 5464	arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
04:31:36.0015 5464	arcsas - ok
04:31:36.0017 5464	AsIO - ok
04:31:36.0045 5464	AsUpIO - ok
04:31:36.0105 5464	AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
04:31:36.0105 5464	AsyncMac - ok
04:31:36.0144 5464	atapi           (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
04:31:36.0145 5464	atapi - ok
04:31:36.0689 5464	AtiHDAudioService (1a872ab76d00f52643bb0f81792bbf3b) C:\Windows\system32\drivers\AtihdLH6.sys
04:31:36.0689 5464	AtiHDAudioService - ok
04:31:36.0871 5464	AtiHdmiService - ok
04:31:36.0941 5464	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
04:31:36.0943 5464	avgntflt - ok
04:31:37.0000 5464	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
04:31:37.0001 5464	avipbb - ok
04:31:37.0070 5464	blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
04:31:37.0071 5464	blbdrive - ok
04:31:37.0096 5464	bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
04:31:37.0097 5464	bowser - ok
04:31:37.0161 5464	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
04:31:37.0161 5464	BrFiltLo - ok
04:31:37.0193 5464	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
04:31:37.0193 5464	BrFiltUp - ok
04:31:37.0244 5464	Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
04:31:37.0244 5464	Brserid - ok
04:31:37.0264 5464	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
04:31:37.0264 5464	BrSerWdm - ok
04:31:37.0293 5464	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
04:31:37.0304 5464	BrUsbMdm - ok
04:31:37.0317 5464	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
04:31:37.0326 5464	BrUsbSer - ok
04:31:37.0356 5464	BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
04:31:37.0357 5464	BTHMODEM - ok
04:31:37.0404 5464	cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
04:31:37.0405 5464	cdfs - ok
04:31:37.0460 5464	cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
04:31:37.0461 5464	cdrom - ok
04:31:37.0498 5464	circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
04:31:37.0499 5464	circlass - ok
04:31:37.0595 5464	CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
04:31:37.0608 5464	CLFS - ok
04:31:37.0687 5464	cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
04:31:37.0687 5464	cmdide - ok
04:31:37.0720 5464	Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
04:31:37.0720 5464	Compbatt - ok
04:31:37.0742 5464	crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
04:31:37.0743 5464	crcdisk - ok
04:31:37.0869 5464	CT20XUT         (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS
04:31:37.0871 5464	CT20XUT - ok
04:31:37.0917 5464	CT20XUT.SYS     (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS
04:31:37.0919 5464	CT20XUT.SYS - ok
04:31:38.0016 5464	ctac32k         (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys
04:31:38.0022 5464	ctac32k - ok
04:31:38.0176 5464	ctaud2k         (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys
04:31:38.0192 5464	ctaud2k - ok
04:31:38.0288 5464	CTEXFIFX        (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS
04:31:38.0319 5464	CTEXFIFX - ok
04:31:38.0393 5464	CTEXFIFX.SYS    (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS
04:31:38.0403 5464	CTEXFIFX.SYS - ok
04:31:38.0474 5464	CTHWIUT         (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS
04:31:38.0475 5464	CTHWIUT - ok
04:31:38.0493 5464	CTHWIUT.SYS     (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS
04:31:38.0494 5464	CTHWIUT.SYS - ok
04:31:38.0540 5464	ctprxy2k        (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys
04:31:38.0540 5464	ctprxy2k - ok
04:31:38.0621 5464	ctsfm2k         (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys
04:31:38.0635 5464	ctsfm2k - ok
04:31:38.0762 5464	DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
04:31:38.0763 5464	DfsC - ok
04:31:38.0896 5464	dg_ssudbus      (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
04:31:38.0897 5464	dg_ssudbus - ok
04:31:38.0975 5464	disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
04:31:38.0976 5464	disk - ok
04:31:39.0051 5464	drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
04:31:39.0052 5464	drmkaud - ok
04:31:39.0256 5464	DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
04:31:39.0270 5464	DXGKrnl - ok
04:31:39.0334 5464	E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
04:31:39.0335 5464	E1G60 - ok
04:31:39.0375 5464	Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
04:31:39.0377 5464	Ecache - ok
04:31:39.0462 5464	elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
04:31:39.0479 5464	elxstor - ok
04:31:39.0558 5464	emupia          (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys
04:31:39.0559 5464	emupia - ok
04:31:39.0613 5464	ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
04:31:39.0613 5464	ErrDev - ok
04:31:39.0685 5464	exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
04:31:39.0687 5464	exfat - ok
04:31:39.0746 5464	fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
04:31:39.0759 5464	fastfat - ok
04:31:39.0785 5464	fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
04:31:39.0786 5464	fdc - ok
04:31:39.0821 5464	FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
04:31:39.0822 5464	FileInfo - ok
04:31:39.0846 5464	Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
04:31:39.0846 5464	Filetrace - ok
04:31:39.0878 5464	flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
04:31:39.0878 5464	flpydisk - ok
04:31:39.0935 5464	FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
04:31:39.0943 5464	FltMgr - ok
04:31:39.0988 5464	Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
04:31:39.0989 5464	Fs_Rec - ok
04:31:40.0019 5464	gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
04:31:40.0019 5464	gagp30kx - ok
04:31:40.0214 5464	GPU-Z - ok
04:31:40.0390 5464	ha20x22k        (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys
04:31:40.0424 5464	ha20x22k - ok
04:31:40.0614 5464	ha20x2k         (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys
04:31:40.0640 5464	ha20x2k - ok
04:31:40.0770 5464	HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
04:31:40.0785 5464	HdAudAddService - ok
04:31:40.0896 5464	HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
04:31:40.0910 5464	HDAudBus - ok
04:31:40.0971 5464	HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
04:31:40.0972 5464	HidBth - ok
04:31:41.0002 5464	HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
04:31:41.0002 5464	HidIr - ok
04:31:41.0062 5464	HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
04:31:41.0063 5464	HidUsb - ok
04:31:41.0120 5464	HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
04:31:41.0121 5464	HpCISSs - ok
04:31:41.0240 5464	HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
04:31:41.0255 5464	HTTP - ok
04:31:41.0300 5464	i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
04:31:41.0300 5464	i2omp - ok
04:31:41.0354 5464	i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
04:31:41.0354 5464	i8042prt - ok
04:31:41.0427 5464	iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
04:31:41.0436 5464	iaStorV - ok
04:31:41.0501 5464	iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
04:31:41.0502 5464	iirsp - ok
04:31:41.0567 5464	intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
04:31:41.0567 5464	intelide - ok
04:31:41.0595 5464	intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
04:31:41.0596 5464	intelppm - ok
04:31:41.0650 5464	IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:31:41.0651 5464	IpFilterDriver - ok
04:31:41.0701 5464	IpInIp - ok
04:31:41.0760 5464	IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
04:31:41.0761 5464	IPMIDRV - ok
04:31:41.0822 5464	IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
04:31:41.0823 5464	IPNAT - ok
04:31:41.0851 5464	IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
04:31:41.0851 5464	IRENUM - ok
04:31:42.0080 5464	isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
04:31:42.0080 5464	isapnp - ok
04:31:42.0150 5464	iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
04:31:42.0154 5464	iScsiPrt - ok
04:31:42.0182 5464	iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
04:31:42.0183 5464	iteatapi - ok
04:31:42.0242 5464	iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
04:31:42.0242 5464	iteraid - ok
04:31:42.0269 5464	kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
04:31:42.0269 5464	kbdclass - ok
04:31:42.0326 5464	kbdhid          (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
04:31:42.0326 5464	kbdhid - ok
04:31:42.0446 5464	KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
04:31:42.0455 5464	KSecDD - ok
04:31:42.0477 5464	ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
04:31:42.0485 5464	ksthunk - ok
04:31:42.0561 5464	LGBusEnum       (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
04:31:42.0562 5464	LGBusEnum - ok
04:31:42.0742 5464	LGDDCDevice     (3522649f3714b1c2bfddb1c611556317) C:\Program Files (x86)\forteManager\bin\I2CDriver.sys
04:31:42.0749 5464	LGDDCDevice - ok
04:31:42.0779 5464	LGII2CDevice    (722fef6f2f790cbad480578fa4df2158) C:\Program Files (x86)\forteManager\bin\PII2CDriver.sys
04:31:42.0790 5464	LGII2CDevice - ok
04:31:42.0857 5464	LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
04:31:42.0857 5464	LGVirHid - ok
04:31:42.0973 5464	LHidFilt        (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
04:31:42.0973 5464	LHidFilt - ok
04:31:42.0986 5464	lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
04:31:42.0987 5464	lltdio - ok
04:31:43.0034 5464	LMouFilt        (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
04:31:43.0035 5464	LMouFilt - ok
04:31:43.0068 5464	LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
04:31:43.0069 5464	LSI_FC - ok
04:31:43.0085 5464	LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
04:31:43.0086 5464	LSI_SAS - ok
04:31:43.0113 5464	LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
04:31:43.0114 5464	LSI_SCSI - ok
04:31:43.0141 5464	luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
04:31:43.0142 5464	luafv - ok
04:31:43.0215 5464	LUsbFilt        (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
04:31:43.0216 5464	LUsbFilt - ok
04:31:43.0269 5464	megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
04:31:43.0270 5464	megasas - ok
04:31:43.0358 5464	MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
04:31:43.0374 5464	MegaSR - ok
04:31:43.0441 5464	Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
04:31:43.0442 5464	Modem - ok
04:31:43.0504 5464	monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
04:31:43.0504 5464	monitor - ok
04:31:43.0517 5464	mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
04:31:43.0518 5464	mouclass - ok
04:31:43.0577 5464	mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
04:31:43.0578 5464	mouhid - ok
04:31:43.0614 5464	MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
04:31:43.0615 5464	MountMgr - ok
04:31:43.0650 5464	mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
04:31:43.0652 5464	mpio - ok
04:31:43.0709 5464	mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
04:31:43.0709 5464	mpsdrv - ok
04:31:43.0751 5464	Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
04:31:43.0751 5464	Mraid35x - ok
04:31:43.0792 5464	MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
04:31:43.0794 5464	MRxDAV - ok
04:31:43.0852 5464	mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:31:43.0853 5464	mrxsmb - ok
04:31:43.0947 5464	mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:31:43.0954 5464	mrxsmb10 - ok
04:31:43.0989 5464	mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:31:43.0991 5464	mrxsmb20 - ok
04:31:44.0037 5464	msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
04:31:44.0037 5464	msahci - ok
04:31:44.0073 5464	msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
04:31:44.0074 5464	msdsm - ok
04:31:44.0121 5464	Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
04:31:44.0122 5464	Msfs - ok
04:31:44.0180 5464	msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
04:31:44.0180 5464	msisadrv - ok
04:31:44.0236 5464	MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
04:31:44.0237 5464	MSKSSRV - ok
04:31:44.0261 5464	MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
04:31:44.0274 5464	MSPCLOCK - ok
04:31:44.0293 5464	MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
04:31:44.0306 5464	MSPQM - ok
04:31:44.0385 5464	MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
04:31:44.0400 5464	MsRPC - ok
04:31:44.0430 5464	mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
04:31:44.0431 5464	mssmbios - ok
04:31:44.0485 5464	MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
04:31:44.0495 5464	MSTEE - ok
04:31:44.0539 5464	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
04:31:44.0539 5464	MTsensor - ok
04:31:44.0564 5464	Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
04:31:44.0565 5464	Mup - ok
04:31:44.0634 5464	NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
04:31:44.0636 5464	NativeWifiP - ok
04:31:44.0715 5464	NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
04:31:44.0730 5464	NDIS - ok
04:31:44.0767 5464	NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
04:31:44.0768 5464	NdisTapi - ok
04:31:44.0823 5464	Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
04:31:44.0823 5464	Ndisuio - ok
04:31:44.0863 5464	NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
04:31:44.0864 5464	NdisWan - ok
04:31:44.0903 5464	NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
04:31:44.0904 5464	NDProxy - ok
04:31:44.0947 5464	NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
04:31:44.0948 5464	NetBIOS - ok
04:31:44.0991 5464	netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
04:31:44.0994 5464	netbt - ok
04:31:45.0038 5464	nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
04:31:45.0039 5464	nfrd960 - ok
04:31:45.0090 5464	nmwcdcx64 - ok
04:31:45.0141 5464	nmwcdnsucx64 - ok
04:31:45.0157 5464	nmwcdnsux64 - ok
04:31:45.0185 5464	nmwcdx64 - ok
04:31:45.0277 5464	NPF             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
04:31:45.0278 5464	NPF - ok
04:31:45.0304 5464	Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
04:31:45.0306 5464	Npfs - ok
04:31:45.0353 5464	nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
04:31:45.0354 5464	nsiproxy - ok
04:31:45.0568 5464	Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
04:31:45.0588 5464	Ntfs - ok
04:31:45.0614 5464	Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
04:31:45.0614 5464	Null - ok
04:31:45.0690 5464	NVNET           (dcfbd407e8aa648832cc214343c943fa) C:\Windows\system32\DRIVERS\nvmfdx64.sys
04:31:45.0693 5464	NVNET - ok
04:31:45.0768 5464	nvsmu           (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
04:31:45.0769 5464	nvsmu - ok
04:31:45.0820 5464	nvstor64        (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
04:31:45.0822 5464	nvstor64 - ok
04:31:45.0830 5464	NwlnkFlt - ok
04:31:45.0867 5464	NwlnkFwd - ok
04:31:45.0967 5464	ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
04:31:45.0968 5464	ohci1394 - ok
04:31:46.0028 5464	ossrv           (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys
04:31:46.0030 5464	ossrv - ok
04:31:46.0067 5464	Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
04:31:46.0068 5464	Parport - ok
04:31:46.0103 5464	partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
04:31:46.0104 5464	partmgr - ok
04:31:46.0216 5464	pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
04:31:46.0217 5464	pccsmcfd - ok
04:31:46.0254 5464	pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
04:31:46.0256 5464	pci - ok
04:31:46.0310 5464	pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
04:31:46.0311 5464	pciide - ok
04:31:46.0374 5464	pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
04:31:46.0376 5464	pcmcia - ok
04:31:46.0510 5464	PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
04:31:46.0518 5464	PEAUTH - ok
04:31:46.0598 5464	PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
04:31:46.0599 5464	PptpMiniport - ok
04:31:46.0645 5464	Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
04:31:46.0646 5464	Processor - ok
04:31:46.0719 5464	PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
04:31:46.0720 5464	PSched - ok
04:31:46.0862 5464	ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
04:31:46.0896 5464	ql2300 - ok
04:31:46.0934 5464	ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
04:31:46.0935 5464	ql40xx - ok
04:31:46.0968 5464	QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
04:31:46.0969 5464	QWAVEdrv - ok
04:31:47.0035 5464	RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
04:31:47.0036 5464	RasAcd - ok
04:31:47.0079 5464	Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:31:47.0080 5464	Rasl2tp - ok
04:31:47.0121 5464	RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
04:31:47.0122 5464	RasPppoe - ok
04:31:47.0174 5464	RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
04:31:47.0175 5464	RasSstp - ok
04:31:47.0245 5464	rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
04:31:47.0251 5464	rdbss - ok
04:31:47.0264 5464	RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:31:47.0265 5464	RDPCDD - ok
04:31:47.0317 5464	rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
04:31:47.0328 5464	rdpdr - ok
04:31:47.0356 5464	RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
04:31:47.0356 5464	RDPENCDD - ok
04:31:47.0412 5464	RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
04:31:47.0427 5464	RDPWD - ok
04:31:47.0475 5464	rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
04:31:47.0476 5464	rspndr - ok
04:31:47.0521 5464	sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
04:31:47.0522 5464	sbp2port - ok
04:31:47.0720 5464	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:31:47.0720 5464	secdrv - ok
04:31:47.0796 5464	Serenum         (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
04:31:47.0797 5464	Serenum - ok
04:31:47.0855 5464	Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
04:31:47.0855 5464	Serial - ok
04:31:47.0876 5464	sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
04:31:47.0876 5464	sermouse - ok
04:31:47.0910 5464	sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
04:31:47.0910 5464	sffdisk - ok
04:31:47.0976 5464	sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
04:31:47.0976 5464	sffp_mmc - ok
04:31:48.0003 5464	sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
04:31:48.0003 5464	sffp_sd - ok
04:31:48.0029 5464	sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
04:31:48.0030 5464	sfloppy - ok
04:31:48.0057 5464	SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
04:31:48.0057 5464	SiSRaid2 - ok
04:31:48.0089 5464	SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
04:31:48.0089 5464	SiSRaid4 - ok
04:31:48.0158 5464	Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
04:31:48.0159 5464	Smb - ok
04:31:48.0206 5464	speedfan - ok
04:31:48.0247 5464	spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
04:31:48.0247 5464	spldr - ok
04:31:48.0349 5464	srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
04:31:48.0355 5464	srv - ok
04:31:48.0419 5464	srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
04:31:48.0421 5464	srv2 - ok
04:31:48.0492 5464	srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
04:31:48.0494 5464	srvnet - ok
04:31:48.0595 5464	ssadbus         (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
04:31:48.0596 5464	ssadbus - ok
04:31:48.0671 5464	ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
04:31:48.0671 5464	ssadmdfl - ok
04:31:48.0725 5464	ssadmdm         (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
04:31:48.0726 5464	ssadmdm - ok
04:31:48.0785 5464	ssadserd        (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
04:31:48.0787 5464	ssadserd - ok
04:31:48.0855 5464	sscdbus         (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
04:31:48.0856 5464	sscdbus - ok
04:31:48.0943 5464	sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
04:31:48.0943 5464	sscdmdfl - ok
04:31:49.0022 5464	sscdmdm         (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
04:31:49.0024 5464	sscdmdm - ok
04:31:49.0096 5464	ssudmdm         (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
04:31:49.0098 5464	ssudmdm - ok
04:31:49.0199 5464	ssudserd        (f7747cf40af99af3b5807c8e9f337f58) C:\Windows\system32\DRIVERS\ssudserd.sys
04:31:49.0201 5464	ssudserd - ok
04:31:49.0243 5464	swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
04:31:49.0244 5464	swenum - ok
04:31:49.0272 5464	Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
04:31:49.0273 5464	Symc8xx - ok
04:31:49.0296 5464	Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
04:31:49.0297 5464	Sym_hi - ok
04:31:49.0325 5464	Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
04:31:49.0326 5464	Sym_u3 - ok
04:31:49.0477 5464	Tcpip           (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
04:31:49.0503 5464	Tcpip - ok
04:31:49.0555 5464	Tcpip6          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
04:31:49.0572 5464	Tcpip6 - ok
04:31:49.0638 5464	tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
04:31:49.0639 5464	tcpipreg - ok
04:31:49.0656 5464	TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
04:31:49.0656 5464	TDPIPE - ok
04:31:49.0677 5464	TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
04:31:49.0678 5464	TDTCP - ok
04:31:49.0732 5464	tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
04:31:49.0733 5464	tdx - ok
04:31:49.0783 5464	TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
04:31:49.0784 5464	TermDD - ok
04:31:49.0838 5464	tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:31:49.0839 5464	tssecsrv - ok
04:31:49.0865 5464	tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
04:31:49.0865 5464	tunmp - ok
04:31:49.0928 5464	tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
04:31:49.0928 5464	tunnel - ok
04:31:49.0964 5464	uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
04:31:49.0965 5464	uagp35 - ok
04:31:50.0058 5464	udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
04:31:50.0074 5464	udfs - ok
04:31:50.0113 5464	uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
04:31:50.0114 5464	uliagpkx - ok
04:31:50.0178 5464	uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
04:31:50.0181 5464	uliahci - ok
04:31:50.0242 5464	UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
04:31:50.0244 5464	UlSata - ok
04:31:50.0295 5464	ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
04:31:50.0296 5464	ulsata2 - ok
04:31:50.0340 5464	umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
04:31:50.0341 5464	umbus - ok
04:31:50.0395 5464	upperdev - ok
04:31:50.0465 5464	usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
04:31:50.0466 5464	usbccgp - ok
04:31:50.0492 5464	usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
04:31:50.0493 5464	usbcir - ok
04:31:50.0521 5464	usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
04:31:50.0522 5464	usbehci - ok
04:31:50.0591 5464	usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
04:31:50.0604 5464	usbhub - ok
04:31:50.0620 5464	usbohci         (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
04:31:50.0621 5464	usbohci - ok
04:31:50.0672 5464	usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
04:31:50.0673 5464	usbprint - ok
04:31:50.0745 5464	usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
04:31:50.0745 5464	usbscan - ok
04:31:50.0761 5464	UsbserFilt - ok
04:31:50.0816 5464	USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:31:50.0817 5464	USBSTOR - ok
04:31:50.0895 5464	usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
04:31:50.0895 5464	usbuhci - ok
04:31:50.0931 5464	vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
04:31:50.0931 5464	vga - ok
04:31:50.0946 5464	VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
04:31:50.0947 5464	VgaSave - ok
04:31:50.0975 5464	viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
04:31:50.0976 5464	viaide - ok
04:31:51.0024 5464	volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
04:31:51.0025 5464	volmgr - ok
04:31:51.0145 5464	volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
04:31:51.0150 5464	volmgrx - ok
04:31:51.0211 5464	volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
04:31:51.0213 5464	volsnap - ok
04:31:51.0278 5464	vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
04:31:51.0280 5464	vsmraid - ok
04:31:51.0338 5464	WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
04:31:51.0352 5464	WacomPen - ok
04:31:51.0381 5464	Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
04:31:51.0382 5464	Wanarp - ok
04:31:51.0392 5464	Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
04:31:51.0393 5464	Wanarpv6 - ok
04:31:51.0450 5464	Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
04:31:51.0451 5464	Wd - ok
04:31:51.0498 5464	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:31:51.0506 5464	Wdf01000 - ok
04:31:51.0559 5464	WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
04:31:51.0560 5464	WmiAcpi - ok
04:31:51.0644 5464	WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
04:31:51.0645 5464	WpdUsb - ok
04:31:51.0697 5464	ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
04:31:51.0697 5464	ws2ifsl - ok
04:31:51.0746 5464	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
04:31:51.0748 5464	WudfPf - ok
04:31:51.0805 5464	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:31:51.0806 5464	WUDFRd - ok
04:31:51.0852 5464	MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
04:31:51.0909 5464	\Device\Harddisk0\DR0 - ok
04:31:51.0912 5464	Boot (0x1200)   (3f94bb9feac5e0e9beb6b1895d1794fe) \Device\Harddisk0\DR0\Partition0
04:31:51.0913 5464	\Device\Harddisk0\DR0\Partition0 - ok
04:31:51.0944 5464	Boot (0x1200)   (4a3794e78f3558b18df7105a1fd3d8da) \Device\Harddisk0\DR0\Partition1
04:31:51.0975 5464	\Device\Harddisk0\DR0\Partition1 - ok
04:31:51.0975 5464	============================================================
04:31:51.0975 5464	Scan finished
04:31:51.0975 5464	============================================================
04:31:51.0986 2340	Detected object count: 0
04:31:51.0986 2340	Actual detected object count: 0
04:31:54.0994 3832	Deinitialize success
         
MBAM
Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.29.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
TimR :: SCHWOBB [Administrator]

01.03.2012 05:24:18
mbam-log-2012-03-01 (07-02-43) II

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 444224
Laufzeit: 1 Stunde(n), 11 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
E:\Downloads\dsrecorder.3.2.exe (Rogue.BoanK) -> Keine Aktion durchgeführt.

(Ende)
         
Dem dsrecorder.3.2.exe habe ich einfach gelöscht. Hatte ich mal runtergeladen. Danach gabs auch keine Meldung mehr.
Das SAS Log ist komischerweise nicht mehr aufrufbar.

Alt 02.03.2012, 17:52   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Backdoor.messa - Standard

Backdoor.messa



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Außerdem fehlen noch die Logs von SUPERAntiSpyware und Avira AntiVir
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 02.03.2012, 19:56   #9
rka0
 
Backdoor.messa - Standard

Backdoor.messa



Hi.
Den Avira-Log findest Du hier:
http://www.trojaner-board.de/110667-...tml#post783517
Ist der vierte Post (mein dritter).

MBAM zeigt mir merkwürdigerweise keine Logdateien mehr an im Reiter "logdateien".
Ich habe noch diese beiden hier manuell gespeichert:
MBAM #1 Quickscan vor Reinigung:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7950

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

01.03.2012 04:13:09
mbam-log-2012-03-01 (04-13-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 183062
Laufzeit: 1 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\TimR\AppData\Roaming\microsoft\torrent.exe (Backdoor.Messa) -> No action taken.
         
und dann einige Stunden später:

Code:
ATTFilter
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.29.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
TimR :: SCHWOBB [Administrator]

01.03.2012 05:24:18
mbam-log-2012-03-01 (07-02-43) II

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 444224
Laufzeit: 1 Stunde(n), 11 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
E:\Downloads\dsrecorder.3.2.exe (Rogue.BoanK) -> Keine Aktion durchgeführt.

(Ende)
         
Und hier ein einziger SAS-Log, den ich manuell gespeichert hab. Auch hier zeigt mir SAS keine Logs mehr
SAS nach Reinigung:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/01/2012 at 07:08 AM

Application Version : 5.0.1144

Core Rules Database Version : 8292
Trace Rules Database Version: 6104

Scan type       : Custom Scan
Total Scan Time : 00:04:14

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned      : 679
Memory threats detected   : 0
Registry items scanned    : 64926
Registry threats detected : 0
File items scanned        : 10251
File threats detected     : 0
         
Danke!

Alt 05.03.2012, 10:30   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Backdoor.messa - Standard

Backdoor.messa



Zitat:
E:\Downloads\dsrecorder.3.2.exe (Rogue.BoanK)
Was soll das sein?
Der normale Modus funktioniert wieder uneingeschränkt?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.03.2012, 17:59   #11
rka0
 
Backdoor.messa - Standard

Backdoor.messa



Evtl. Fehlalarm?
Das ist ein programm ähnlich wie camtasia zur Aufnahme von Streams von Sytexis.
Ich hatte es nach der Warnung einfach gelöscht. Seitdem keine weitere Meldung.
Und der normale Modus funktioniert wieder uneingeschränkt. Danke!

Alt 05.03.2012, 19:07   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Backdoor.messa - Standard

Backdoor.messa



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.03.2012, 23:46   #13
rka0
 
Backdoor.messa - Standard

Backdoor.messa



Entweder es ist alles kaputt, oder lauter Fehlalarme.
Die angeblich kompromittierten Dateien sind alles ganz normale Tools, die ich vornehmlich über chip.de besorgt habe:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=49322c8e80ddae4387d4585141b07ad3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-05 10:40:54
# local_time=2012-03-05 11:40:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 41780427 41780427 0 0
# compatibility_mode=5892 16776574 100 56 55829099 168502051 0 0
# compatibility_mode=8192 67108863 100 0 3723 3723 0 0
# scanned=264102
# found=6
# cleaned=0
# scan_time=9108
C:\ProgramData\VistaCodecs\{F4D16C8C-2AAC-4F3F-B6EF-1EB551272ED4}\Vista Codec Package.msi	Win32/Packed.Autoit.E.Gen application (unable to clean)	00000000000000000000000000000000	I
C:\Users\All Users\VistaCodecs\{F4D16C8C-2AAC-4F3F-B6EF-1EB551272ED4}\Vista Codec Package.msi	Win32/Packed.Autoit.E.Gen application (unable to clean)	00000000000000000000000000000000	I
E:\Downloads\SoftonicDownloader57865.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
E:\Downloads\winamp5621_full_emusic-7plus_all.exe	Win32/OpenCandy application (unable to clean)	00000000000000000000000000000000	I
E:\Downloads\YouTubeDownloaderSetup33.exe	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
E:\Downloads\YouTubeDownloaderSetup35.exe	probably a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
         
WinAmp und Vistacodecs beispielsweise sind ja nicht gerade bekannt als infektiös

Alt 06.03.2012, 12:57   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Backdoor.messa - Standard

Backdoor.messa



Zitat:
E:\Downloads\SoftonicDownloader57865.exe
Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 06.03.2012, 18:49   #15
rka0
 
Backdoor.messa - Standard

Backdoor.messa



Ich hab ehrlich gesagt auch keine Ahnung, woher dieser Softonic Downloader kommt. Das Programm, das er downloaden soll, kenne ich nicht (MUGEN, irgendso ein Kampfspiel). Sehr merkwürdig.
Anyway, hier der aktuelle OTL-Log:
Und mal wieder Danke!

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 06.03.2012 18:38:04 - Run 3
OTL by OldTimer - Version 3.2.33.2     Folder = C:\Users\TimR\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,55% Memory free
8,20 Gb Paging File | 6,04 Gb Available in Paging File | 73,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 542,64 Gb Total Space | 334,16 Gb Free Space | 61,58% Space Free | Partition Type: NTFS
Drive E: | 388,87 Gb Total Space | 139,47 Gb Free Space | 35,87% Space Free | Partition Type: NTFS
 
Computer Name: SCHWOBB | User Name: TimR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.01 04:27:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\TimR\Desktop\OTL.exe
PRC - [2012.02.24 14:02:30 | 001,294,904 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.02.24 14:02:28 | 000,656,440 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.02.16 16:11:52 | 001,019,872 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\Program Files (x86)\GPUZ\GPU-Z.0.5.9.exe
PRC - [2011.06.29 19:42:50 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.06.29 19:42:50 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.06.29 19:42:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 19:47:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.08 08:26:23 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.07.07 20:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.07.07 20:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010.07.05 16:17:16 | 000,191,488 | ---- | M] () -- C:\Users\TimR\Documents\LCDSirReal\LCDSirReal.exe
PRC - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.07.05 16:17:16 | 000,191,488 | ---- | M] () -- C:\Users\TimR\Documents\LCDSirReal\LCDSirReal.exe
MOD - [2009.06.29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2007.09.13 18:05:22 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.01 16:33:35 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.24 14:02:30 | 001,294,904 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.02.24 14:02:28 | 000,656,440 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.25 21:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files (x86)\ATI\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files (x86)\SAS\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.06.29 19:42:50 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.06.29 19:42:50 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.06.29 19:42:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 19:47:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.10 00:42:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.12.10 00:23:18 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.12.08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.12.08 05:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.12.08 05:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.12.08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.11.10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.17 18:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.06.29 19:42:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 19:42:50 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.12.21 06:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 06:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 06:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.07.07 22:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010.07.07 22:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.07.07 22:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.07.07 22:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.07.07 22:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.07.07 22:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.07.07 22:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.07.07 22:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SAS\SASDIFSV64.SYS -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SAS\SASKUTIL64.SYS -- (SASKUTIL)
DRV - [2008.08.08 13:52:48 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008.08.08 13:52:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data]
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/ [binary data]
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB F2 93 D9 5A EE CC 01  [binary data]
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_221.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120217-1212: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_221.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
 
 
O1 HOSTS File: ([2011.03.13 15:15:23 | 000,431,157 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14842 more lines...
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\Logitech\SetPoint\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\11-12\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 195.50.140.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6659378C-9D4A-4D5D-882C-148AEC3A7B09}: DhcpNameServer = 195.50.140.116 195.50.140.180
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Winter Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Winter Leaves.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.25 20:18:54 | 000,000,035 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\AutoRun\command - "" = G:\jeti\\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\explore\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\install\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\open\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{6422d340-9cc8-11df-91e9-00261822e3e6}\Shell\AutoRun\command - "" = F:\shelexec.exe .\Vaillant\index.htm
O33 - MountPoints2\{9096f5b5-e885-11de-8e98-00261822e3e6}\Shell - "" = AutoRun
O33 - MountPoints2\{9096f5b5-e885-11de-8e98-00261822e3e6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d658de6e-a9f3-11de-96c7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d658de6e-a9f3-11de-96c7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - C:\Program Files (x86)\SAS\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - C:\Program Files (x86)\SAS\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3F378912-0B00-B4FB-BDCC-6F452B2D6A59} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.06 18:26:14 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\TimR\Desktop\OTL.exe
[2012.03.03 00:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\YouTube Downloader
[2012.03.03 00:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2012.03.01 22:27:24 | 000,000,000 | R--D | C] -- C:\Users\TimR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.03.01 22:22:58 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Trillian
[2012.03.01 17:13:02 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\vlc
[2012.03.01 17:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLC
[2012.03.01 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.01 17:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.03.01 16:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.01 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\Secunia PSI
[2012.03.01 16:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.03.01 16:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012.03.01 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SAS
[2012.03.01 04:45:18 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\SUPERAntiSpyware.com
[2012.03.01 04:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.03.01 04:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAntiSpyware
[2012.03.01 04:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java(0)
[2012.02.17 20:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.02.17 15:17:56 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\LogiShrd
[2012.02.17 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012.02.17 15:13:47 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Logitech
[2012.02.17 15:13:47 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Logishrd
[2012.02.17 08:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.02.17 08:53:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.02.17 08:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.02.17 07:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.17 07:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.02.17 07:49:35 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Origin
[2012.02.17 07:49:15 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\Origin
[2012.02.17 07:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.02.16 16:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xp-AntiSpy
[2012.02.13 09:26:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.02.05 19:32:28 | 000,000,000 | ---D | C] -- C:\Users\TimR\Documents\SelfMV
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.06 18:33:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.06 18:26:01 | 001,560,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.06 18:26:01 | 000,671,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.06 18:26:01 | 000,632,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.06 18:26:01 | 000,144,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.06 18:26:01 | 000,118,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.06 18:19:43 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 18:19:43 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 18:19:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.06 08:35:48 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.06 08:35:48 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.06 08:35:48 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.06 07:37:28 | 000,241,664 | ---- | M] () -- C:\Users\TimR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.06 06:58:47 | 000,298,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.05 21:34:46 | 000,001,468 | ---- | M] () -- C:\Users\TimR\.jalview_properties
[2012.03.02 16:59:43 | 000,004,070 | ---- | M] () -- C:\Users\TimR\Desktop\141] 2012 PhDnet General Survey.eml
[2012.03.01 08:56:29 | 000,029,124 | ---- | M] () -- C:\Users\TimR\Documents\Logs.zip
[2012.03.01 04:27:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\TimR\Desktop\OTL.exe
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.06 06:58:38 | 000,298,472 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.02 16:59:42 | 000,004,070 | ---- | C] () -- C:\Users\TimR\Desktop\141] 2012 PhDnet General Survey.eml
[2012.03.01 16:15:08 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.01 05:21:26 | 000,029,124 | ---- | C] () -- C:\Users\TimR\Documents\Logs.zip
[2012.02.17 15:24:06 | 000,001,468 | ---- | C] () -- C:\Users\TimR\.jalview_properties
[2011.12.05 11:23:16 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.10 17:51:06 | 000,000,680 | ---- | C] () -- C:\Users\TimR\AppData\Local\d3d9caps.dat
[2011.03.10 15:24:13 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.03.10 15:24:13 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.03.10 15:24:13 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.03.10 15:23:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.10 00:19:41 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.12.10 00:19:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.11.12 09:12:38 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010.09.03 17:19:13 | 001,539,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.07 21:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.07.07 20:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.07.07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010.07.07 20:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.07.07 20:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.07.07 20:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.07.07 20:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.05.23 22:25:12 | 000,201,122 | ---- | C] () -- C:\Windows\SysWow64\Cavort10.dll
[2010.05.23 22:25:12 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Unlha.dll
[2010.05.23 22:25:12 | 000,066,113 | ---- | C] () -- C:\Windows\SysWow64\Cavordd.dll
[2010.05.23 22:25:12 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\Cavosysc.dll
[2010.05.23 22:25:07 | 000,000,098 | ---- | C] () -- C:\Windows\twland.ini
 
========== LOP Check ==========
 
[2010.04.02 14:37:13 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Academic Software Zurich
[2010.05.30 15:05:35 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Amazon
[2012.02.25 22:26:51 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Audacity
[2009.09.25 19:01:28 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Auslogics
[2009.11.10 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DonationCoder
[2012.02.26 13:44:24 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Dropbox
[2012.01.27 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DVDVideoSoft
[2012.01.21 09:16:29 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.09 16:05:53 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\EAC
[2010.11.13 22:21:04 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\FreeHideIP
[2010.11.16 17:15:24 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\GetRightToGo
[2011.07.19 17:48:27 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\inkscape
[2010.09.20 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\IrfanView
[2009.09.25 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Leadertech
[2011.06.23 23:21:54 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MEGA5_5110426
[2011.04.09 16:53:08 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MP3Find
[2011.04.16 09:24:58 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MPEG Streamclip
[2010.09.03 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Nokia
[2012.03.01 22:51:56 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Notepad++
[2011.01.30 13:15:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\OfficeRecovery
[2010.03.06 02:15:53 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\OpenDNS Updater
[2011.04.11 07:39:33 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Opera
[2012.02.17 07:49:58 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Origin
[2010.06.08 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\PC Suite
[2011.04.19 19:37:13 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Samsung
[2009.11.18 17:39:38 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\ScanSoft
[2009.11.08 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\StreamTorrent
[2011.12.12 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Temp
[2010.09.17 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Tracker Software
[2012.03.01 22:24:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Trillian
[2012.01.23 13:12:21 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Wizards of the Coast
[2011.07.07 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Xi
[2012.03.06 08:35:40 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.02 14:37:13 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Academic Software Zurich
[2010.07.17 11:30:57 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Adobe
[2010.05.30 15:05:35 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Amazon
[2012.01.14 22:44:50 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\ATI
[2012.02.25 22:26:51 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Audacity
[2009.09.25 19:01:28 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Auslogics
[2010.11.08 08:53:51 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Avira
[2009.09.25 23:51:59 | 000,000,000 | R--D | M] -- C:\Users\TimR\AppData\Roaming\Brother
[2010.06.11 09:30:32 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DivX
[2009.11.10 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DonationCoder
[2012.02.26 13:44:24 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Dropbox
[2012.01.27 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DVDVideoSoft
[2012.01.21 09:16:29 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.09 16:05:53 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\EAC
[2010.11.13 22:21:04 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\FreeHideIP
[2010.11.16 17:15:24 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\GetRightToGo
[2009.09.25 18:11:45 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Identities
[2011.07.19 17:48:27 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\inkscape
[2009.09.25 20:38:15 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\InstallShield
[2010.09.20 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\IrfanView
[2009.09.25 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Leadertech
[2012.02.17 15:13:54 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Logishrd
[2012.02.17 15:17:53 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Logitech
[2009.09.25 19:07:04 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Macromedia
[2010.05.24 20:42:43 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Media Center Programs
[2011.06.23 23:21:54 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MEGA5_5110426
[2009.04.11 08:10:17 | 000,000,000 | --SD | M] -- C:\Users\TimR\AppData\Roaming\Microsoft
[2011.03.02 16:10:18 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Mozilla
[2011.04.09 16:53:08 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MP3Find
[2011.04.16 09:24:58 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MPEG Streamclip
[2010.09.03 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Nokia
[2012.03.01 22:51:56 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Notepad++
[2011.01.30 13:15:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\OfficeRecovery
[2010.03.06 02:15:53 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\OpenDNS Updater
[2011.04.11 07:39:33 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Opera
[2012.02.17 07:49:58 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Origin
[2010.06.08 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\PC Suite
[2011.04.19 19:37:13 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Samsung
[2009.11.18 17:39:38 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\ScanSoft
[2009.09.28 18:58:53 | 000,000,000 | RH-D | M] -- C:\Users\TimR\AppData\Roaming\SecuROM
[2012.03.01 16:25:32 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Skype
[2009.11.08 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\StreamTorrent
[2010.10.04 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Sun
[2012.03.01 04:45:18 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.12 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Temp
[2010.09.17 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Tracker Software
[2012.03.01 22:24:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Trillian
[2012.03.06 07:40:52 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\vlc
[2012.03.06 00:12:55 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Winamp
[2009.09.25 19:30:20 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\WinRAR
[2012.01.23 13:12:21 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Wizards of the Coast
[2011.07.07 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Xi
 
< %APPDATA%\*.exe /s >
[2012.02.15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\TimR\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 00:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\TimR\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.01 16:17:12 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\TimR\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.02.17 15:17:45 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\TimR\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.12.04 16:37:20 | 000,088,102 | R--- | M] () -- C:\Users\TimR\AppData\Roaming\Microsoft\Installer\{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}\ARPPRODUCTICON.exe
[2011.12.08 02:33:24 | 000,935,824 | ---- | M] (Samsung) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.12.08 02:33:28 | 000,278,928 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.11.29 08:44:38 | 000,292,864 | ---- | M] (Samsung) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2011.12.08 02:33:26 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.11.29 08:40:26 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.11.29 08:40:26 | 000,284,672 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.12.06 08:35:14 | 000,691,712 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.11.29 08:40:26 | 000,110,080 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ErrorReport.exe
[2011.12.08 02:33:30 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.12.06 08:35:10 | 000,106,408 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.12.06 08:35:10 | 000,101,288 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.12.08 02:33:34 | 000,131,984 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.12.08 02:33:34 | 000,021,392 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.12.08 02:33:36 | 003,569,984 | ---- | M] (Freeware) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.11.29 08:37:46 | 024,114,392 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.12.08 02:33:38 | 000,392,080 | ---- | M] (ml) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.01.04 07:07:42 | 000,371,088 | ---- | M] (ml) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2011.04.22 17:02:19 | 000,614,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Users\TimR\AppData\Roaming\Tracker Software\LiveUpdate\Updates\LiveUpdate.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.13 16:46:13 | 010,627,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1199 bytes -> C:\Users\TimR\Desktop\141] 2012 PhDnet General Survey.eml:OECustomProperty

< End of report >
         
--- --- ---

Antwort

Themen zu Backdoor.messa
backdoor.messa, blockiertes, conime.exe, entfern, heute, laufe, laufen, malwarebyte, morgen, schaf, superantispyware, zahlen



Ähnliche Themen: Backdoor.messa


  1. System bereinigen nach Backdoor.graybird / backdoor.rustock etc.
    Plagegeister aller Art und deren Bekämpfung - 01.04.2013 (5)
  2. Exploit.Script.Generic, Exploit.JS.Pdfka.gfa, Backdoor.Win32.ZAccess.ypw, Backdoor.Win32.ZAccess.yqi, Trojan.Win32.Miner.dw und weitere
    Log-Analyse und Auswertung - 02.10.2012 (7)
  3. Backdoor.Bot / Backdoor.Gootkit / Malware.Trace -> HiJackThis + Malwarebytes logfile
    Log-Analyse und Auswertung - 02.07.2010 (6)
  4. Backdoor.bot
    Log-Analyse und Auswertung - 04.06.2009 (2)
  5. Backdoor.Trojan und Backdoor.Grybird
    Mülltonne - 13.10.2008 (0)
  6. Backdoor?
    Log-Analyse und Auswertung - 08.05.2008 (1)
  7. TR/BackDoor.NB
    Plagegeister aller Art und deren Bekämpfung - 26.04.2008 (4)
  8. Backdoor-DJT
    Plagegeister aller Art und deren Bekämpfung - 23.10.2007 (3)
  9. Backdoor???
    Mülltonne - 14.10.2007 (0)
  10. Backdoor.GrayBird.K (BackDoor-ARR [McAfee]
    Plagegeister aller Art und deren Bekämpfung - 29.07.2007 (1)
  11. Backdoor Win 32.VB.aup
    Plagegeister aller Art und deren Bekämpfung - 05.06.2007 (4)
  12. Backdoor
    Plagegeister aller Art und deren Bekämpfung - 09.11.2005 (2)
  13. W32/Backdoor-CFB
    Plagegeister aller Art und deren Bekämpfung - 08.09.2004 (1)
  14. backdoor.avc???
    Plagegeister aller Art und deren Bekämpfung - 25.08.2004 (3)
  15. Backdoor.sd.bot
    Plagegeister aller Art und deren Bekämpfung - 07.05.2004 (2)
  16. Backdoor... Was tun?
    Plagegeister aller Art und deren Bekämpfung - 18.04.2004 (1)
  17. Backdoor help thx
    Plagegeister aller Art und deren Bekämpfung - 05.08.2003 (5)

Zum Thema Backdoor.messa - Auch ich habe heute morgen Bekanntschaft mit dem "Bitte zahlen Sie für Ihr blockiertes Windows-System"-Screen gemacht. Habe Malwarebyte und SUPERAntiSpyware laufen lassen und backdoor.messa aus c:/user entfernt. Hier noch ein - Backdoor.messa...
Archiv
Du betrachtest: Backdoor.messa auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.