
Log analysis and evaluation: Win32.parite. In WinRAR. Log file created!

12.04.2010, 21:50   #1
ItSmE1991

So, since yesterday/today my avast has been claiming that this is located in my WinRAR folder:
C:\Program Files\WinRAR\scvhost.exe
and it also says Win32:Parite.

But as far as I know, that is actually a Windows service for updates etc.
Does anyone have a solution for this?

Here is the HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:40:49, on 12.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SOUNDMAN.EXE
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Foxit Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (file missing)
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6417 bytes

13.04.2010, 12:01   #2
cosinus


Hello and

Quote:
But as far as I know, that is actually a Windows service for updates etc.
No. That would be svchost.exe in system32, but not one somewhere in a WinRAR directory. Where did you get WinRAR from? From the original vendor site?
__________________
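The distinction drawn in the reply above (the genuine service host is svchost.exe in system32, not a similarly named file in a WinRAR directory) can be checked mechanically over the paths a log lists. This is an added example, not part of the thread or of any tool mentioned in it; the allow-list of binaries and directories is a simplified assumption, and `osa_distance`, `classify` and `triage` are hypothetical names.

```python
import ntpath

# Assumed, simplified allow-list: system binaries named in this thread and the
# directories they are expected to run from. Not exhaustive.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "rundll32.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "userinit.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "spoolsv.exe": {r"c:\windows\system32"},
}


def osa_distance(a, b):
    """Edit distance in which swapping two adjacent characters costs one edit."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1,         # deletion
                         cur[j - 1] + 1,      # insertion
                         prev[j - 1] + cost)  # substitution or match
            # Adjacent transposition, e.g. "cv" <-> "vc"
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def classify(path, max_distance=1):
    """Return (verdict, known_name) for one Windows path.

    expected        known name, running from an expected directory
    wrong-location  known name, but in some other directory
    lookalike       name within max_distance edits of a known name
    unrelated       none of the above
    """
    folder, name = ntpath.split(ntpath.normpath(path).lower())
    if name in EXPECTED_DIRS:
        ok = folder in EXPECTED_DIRS[name]
        return ("expected" if ok else "wrong-location"), name
    for known in EXPECTED_DIRS:
        if osa_distance(name, known) <= max_distance:
            return "lookalike", known
    return "unrelated", None


def triage(paths):
    """Keep only the paths that deserve a closer look."""
    hits = []
    for p in paths:
        verdict, known = classify(p)
        if verdict in ("lookalike", "wrong-location"):
            hits.append((p, verdict, known))
    return hits


SAMPLE_PATHS = [
    r"C:\Program Files\WinRAR\scvhost.exe",                 # path reported in the first post
    r"C:\Windows\SysWOW64\rundll32.exe",                    # from the HijackThis log
    r"C:\Program Files (x86)\Mozilla Firefox\firefox.exe",  # from the HijackThis log
    r"C:\Windows\System32\svchost.exe",                     # constructed sample
    r"C:\Users\Public\lsass.exe",                           # constructed sample
]

if __name__ == "__main__":
    for path, verdict, known in triage(SAMPLE_PATHS):
        print(f"{verdict:15} {path}  (resembles {known})")
```

A name match is only a triage signal: it says the file is not the Windows component it resembles, not what the file actually does.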

13.04.2010, 13:30   #3
ItSmE1991



Funnily enough, yes...

but with a crack

Is that the cause? I'm also happy to use 7zip again.

13.04.2010, 13:32   #4
cosinus



What do you mean, "funnily enough, yes"? Please write so that people don't have to guess what you mean.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

13.04.2010, 14:16   #5
ItSmE1991



Okay, fine. It was meant that way because you asked whether I got WinRAR from the vendor's homepage,
hence "funnily enough, yes"...

But I also can't delete the thing with avast, move it to the chest, or do anything else with it. It then always says: Kann datei "c:\programm files\winrar\scvhost.exe" nicht bearbeiten.

What is the reason for that?


13.04.2010, 14:54   #6
cosinus



We need to analyze that.

Note: You are using a 64-bit Windows. Many of the tools we use here as aids for cleanup are not compatible with a 64-bit Windows, which makes a cleanup harder than it already is.

Please do a run with Malwarebytes and post the log.

13.04.2010, 15:22   #7
ItSmE1991



Okay, I've scanned it:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3984

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.04.2010 16:20:34
mbam-log-2010-04-13 (16-20-34).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 110698
Laufzeit: 2 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Doesn't look like anything; the one item must be HijackThis, if I'm interpreting that correctly.
Could it be that avast perhaps detects it as a virus because things are being sent through it?
As far as I know, it is not a special 64-bit version for Win 7. Could that possibly be the reason?

13.04.2010, 15:23   #8
cosinus



Please run a full scan.

13.04.2010, 17:24   #9
ItSmE1991



Sooo, here is the full scan.


Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3984

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.04.2010 18:23:00
mbam-log-2010-04-13 (18-23-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 255107
Laufzeit: 27 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



Somehow they don't find anything, hmmmm, strange.

Thanks already at this point for the efforts.

13.04.2010, 19:41   #10
cosinus



OK, then please create logs with OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

13.04.2010, 20:14   #11
ItSmE1991



Soooo, here are the scans as well, but it seems clean at first glance; it could also be that avast is "dumb".



OTL Extras logfile created on: 13.04.2010 21:06:13 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Dome\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 157,36 Gb Free Space | 67,57% Space Free | Partition Type: NTFS
Drive D: | 4,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUEDEN
Current User Name: Dome
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{9B1A8F3D-8059-43FB-A7AE-4F2C21F0AAF2}" = KhalInstallWrapper
"C-Media PCI Audio Driver" = C-Media PCI Audio Device
"Defraggler" = Defraggler
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}" = Logitech SetPoint
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ
"{D79A717E-073E-4FDA-A854-BF81D7A52297}_is1" = Source Dedicated Server DZ
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E63A550D-7A75-462C-B495-D77F0808D083}" = SpellForce 2 - Shadow Wars
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"Counter-Strike 1.6 V40.1" = Counter-Strike 1.6 V40.1
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"JDownloader" = JDownloader
"Listenserver Erweiterungssystem" = Listenserver Erweiterungssystem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
avast! Firewall Core Firewall Service. System Error: Das System kann die angegebene
Datei nicht finden. .

Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
aswRdr. System Error: Das System kann die angegebene Datei nicht finden. .

Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
aswSnx. System Error: Das System kann die angegebene Datei nicht finden. .

Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
aswSP. System Error: Das System kann die angegebene Datei nicht finden. .

Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary
avast! Network Shield Support. System Error: Das System kann die angegebene Datei
nicht finden. .

Error - 06.04.2010 14:12:25 | Computer Name = sueden | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
"System Writer". Details: AddWin32ServiceFiles: Unable to back up image of service
avast! Antivirus since QueryServiceConfig API failed System Error: Das System kann
die angegebene Datei nicht finden. .

Error - 06.04.2010 15:13:21 | Computer Name = sueden | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LMonitor.exe, Version: 1.0.0.3, Zeitstempel:
0x42d1dd09 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x372d534d ID des fehlerhaften Prozesses:
0x248 Startzeit der fehlerhaften Anwendung: 0x01cad5bd11b2d101 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\MSI\Live Update 3\LMonitor.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: 76b16527-41b0-11df-bd84-001617172530

Error - 06.04.2010 17:52:58 | Computer Name = sueden | Source = VSS | ID = 12305
Description =

Error - 08.04.2010 09:37:38 | Computer Name = sueden | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Logitech\SetPoint\SetPoint.exe".
Die
abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 08.04.2010 12:21:29 | Computer Name = sueden | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl.exe, Version: 1.1.1.1, Zeitstempel:
0x48feaf5a Name des fehlerhaften Moduls: steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel:
0x4a0fe93e Ausnahmecode: 0xc0000005 Fehleroffset: 0x7270d1a0 ID des fehlerhaften Prozesses:
0xe9c Startzeit der fehlerhaften Anwendung: 0x01cad735ed99f0c4 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Counter-Strike 1.6 V40\hl.exe Pfad des fehlerhaften
Moduls: steam.dll Berichtskennung: c90e5f12-432a-11df-a0e8-001617172530

[ System Events ]
Error - 12.04.2010 09:34:59 | Computer Name = sueden | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056

Error - 12.04.2010 16:34:11 | Computer Name = sueden | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
aktuellen Status gemeldet: 0

Error - 12.04.2010 16:35:16 | Computer Name = sueden | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 12.04.2010 16:35:16 | Computer Name = sueden | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error - 12.04.2010 17:07:40 | Computer Name = sueden | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
aktuellen Status gemeldet: 0

Error - 13.04.2010 08:15:35 | Computer Name = sueden | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 13.04.2010 08:15:35 | Computer Name = sueden | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275

Error - 13.04.2010 10:41:00 | Computer Name = sueden | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
aktuellen Status gemeldet: 0

Error - 13.04.2010 10:42:05 | Computer Name = sueden | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\DRIVERS\lirsgt.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.

Error - 13.04.2010 10:42:05 | Computer Name = sueden | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1275


< End of report >

13.04.2010, 20:14   #12
ItSmE1991



And here is the 2nd one.


Sooo, there's the 2nd one:




OTL logfile created on: 13.04.2010 21:06:13 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Dome\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 157,36 Gb Free Space | 67,57% Space Free | Partition Type: NTFS
Drive D: | 4,12 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SUEDEN
Current User Name: Dome
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Dome\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\PROGRA~2\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\JetAudio\JetAudio.exe (JetAudio, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Programme\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Programme\Logitech\SetPoint\x86\SetPoint32.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Dome\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV:64bit: - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV:64bit: - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV:64bit: - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (cmuda3) -- C:\Windows\SysNative\drivers\cmudax3.sys (C-Media Inc)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (ALWIL Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (ALWIL Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (ALWIL Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (ALWIL Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr.sys (ALWIL Software)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (WinUsb) -- C:\Windows\SysNative\drivers\winusb.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\SysNative\drivers\RTKVAC64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LMouKE) -- C:\Windows\SysNative\drivers\LMouKE.Sys (Logitech Inc.)
DRV:64bit: - (L8042mou) -- C:\Windows\SysNative\drivers\L8042mou.Sys (Logitech Inc.)
DRV:64bit: - (L8042Kbd) -- C:\Windows\SysNative\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (lirsgt) -- C:\Windows\SysWOW64\drivers\lirsgt.sys ()
DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\SysWOW64\winusb.dll (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0A 4F 90 C6 8F D5 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.schuelervz.net/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.07 00:12:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.07 00:12:58 | 000,000,000 | ---D | M]

[2010.04.06 16:39:06 | 000,000,000 | ---D | M] -- C:\Users\Dome\AppData\Roaming\mozilla\Extensions
[2010.04.13 14:27:23 | 000,000,000 | ---D | M] -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\5bps0smz.default\extensions
[2010.04.07 00:13:03 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dome\AppData\Roaming\mozilla\Firefox\Profiles\5bps0smz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.07 00:02:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll File not found
O4:64bit: - HKLM..\Run: [CmPCIaudio] C:\Windows\Syswow64\CMICNFG3.DLL (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\Alwil Software\Avast4\aswRegSvr.exe ()
O4 - Startup: C:\Users\Dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.27 14:05:43 | 002,695,168 | R--- | M] (JoWooD Productions Software AG) - D:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.10.27 14:05:43 | 000,000,050 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{7a9aafd3-4181-11df-a47c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7a9aafd3-4181-11df-a47c-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- [2006.10.27 14:05:43 | 002,695,168 | R--- | M] (JoWooD Productions Software AG)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.13 18:59:07 | 000,000,000 | ---D | C] -- C:\Users\Dome\Documents\ICQ
[2010.04.13 16:13:43 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Malwarebytes
[2010.04.13 16:13:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.13 16:13:31 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.13 16:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.13 16:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.04.12 22:40:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.04.12 22:12:27 | 000,000,000 | ---D | C] -- C:\Users\Dome\Desktop\Neuer Ordner (2)
[2010.04.12 16:34:03 | 000,000,000 | ---D | C] -- C:\Users\Dome\Documents\SpellForce2
[2010.04.12 16:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpellForce
[2010.04.12 15:52:01 | 000,000,000 | ---D | C] -- C:\Users\Dome\Desktop\Neuer Ordner
[2010.04.09 16:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2010.04.08 17:39:56 | 000,000,000 | ---D | C] -- C:\Users\Dome\Documents\My Games
[2010.04.08 16:54:20 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\ICQ
[2010.04.08 16:54:19 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\AOL
[2010.04.08 16:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.1
[2010.04.08 15:37:33 | 000,228,864 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\kemutb.dll
[2010.04.08 15:37:33 | 000,218,112 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\KemUtil.dll
[2010.04.08 15:37:33 | 000,152,064 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\KemWnd.dll
[2010.04.08 15:37:33 | 000,072,192 | ---- | C] (Logitech Inc.) -- C:\Windows\SysNative\KemXML.dll
[2010.04.08 15:37:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Logitech
[2010.04.08 15:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.04.08 15:37:17 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.04.08 15:25:09 | 008,151,040 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CMICNFG3.dll
[2010.04.08 15:25:09 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\CMPaOxy.dll
[2010.04.08 15:24:04 | 000,524,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2010.04.07 20:31:25 | 000,475,648 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\AlcUpd64.exe
[2010.04.07 20:30:39 | 000,524,288 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.04.07 20:30:39 | 000,319,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010.04.07 20:03:29 | 000,022,216 | ---- | C] (Licensed for Gebhard Software) -- C:\Windows\SysNative\drivers\DRHARD64.sys
[2010.04.07 20:03:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dr. Hardware 2010
[2010.04.06 23:21:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek AC97
[2010.04.06 21:10:15 | 000,327,168 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.04.06 20:54:01 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\ElevatedDiagnostics
[2010.04.06 20:44:55 | 000,027,216 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010.04.06 20:44:52 | 000,053,840 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010.04.06 20:44:46 | 000,097,480 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\AvastSS.scr
[2010.04.06 20:44:45 | 000,089,680 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010.04.06 20:44:45 | 000,022,096 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010.04.06 20:44:43 | 000,065,616 | ---- | C] (ALWIL Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010.04.06 20:44:13 | 001,280,480 | ---- | C] (ALWIL Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010.04.06 20:44:13 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2010.04.06 20:44:13 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCP71.dll
[2010.04.06 20:44:13 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVCR71.dll
[2010.04.06 20:13:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.04.06 20:13:01 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010.04.06 20:13:01 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.04.06 20:13:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.04.06 20:13:01 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.04.06 20:12:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.04.06 19:40:25 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010.04.06 19:40:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.04.06 19:21:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike 1.6 V40
[2010.04.06 19:04:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Counter-Strike Source
[2010.04.06 18:53:53 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Leadertech
[2010.04.06 18:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010.04.06 18:53:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.04.06 18:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
[2010.04.06 18:52:57 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\COWON
[2010.04.06 18:52:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COWON
[2010.04.06 18:52:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JetAudio
[2010.04.06 18:52:11 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010.04.06 18:51:45 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\InstallShield
[2010.04.06 18:51:31 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Logitech
[2010.04.06 18:51:31 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Logishrd
[2010.04.06 18:32:47 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.04.06 18:32:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.04.06 18:26:23 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\WinRAR
[2010.04.06 18:24:46 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.04.06 18:11:38 | 000,657,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE
[2010.04.06 18:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010.04.06 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010.04.06 16:59:26 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler
[2010.04.06 16:49:16 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\Microsoft Games
[2010.04.06 16:38:56 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Mozilla
[2010.04.06 16:38:56 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\Mozilla
[2010.04.06 16:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.04.06 16:36:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.04.06 16:36:04 | 000,000,000 | -HSD | C] -- C:\Boot
[2010.04.06 16:23:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010.04.06 16:23:23 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.04.06 16:22:13 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.04.06 16:15:09 | 000,930,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe
[2010.04.06 16:15:09 | 000,064,616 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.04.06 16:15:09 | 000,056,424 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.04.06 16:15:09 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.04.06 16:15:08 | 004,503,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.04.06 16:15:06 | 021,005,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.04.06 16:15:06 | 015,227,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.04.06 16:15:06 | 003,215,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll
[2010.04.06 16:15:06 | 002,907,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll
[2010.04.06 16:15:06 | 000,384,616 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010.04.06 16:15:06 | 000,316,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010.04.06 16:15:04 | 011,906,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.04.06 16:15:04 | 009,386,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010.04.06 16:15:04 | 002,893,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.04.06 16:15:04 | 002,646,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.04.06 16:15:04 | 002,106,472 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.04.06 16:15:04 | 002,009,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.04.06 16:15:02 | 016,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.04.06 16:15:02 | 011,647,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.04.06 16:15:02 | 005,444,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.04.06 16:15:02 | 004,029,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.04.06 16:15:02 | 001,592,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010.04.06 16:15:02 | 001,296,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.04.06 16:15:02 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll
[2010.04.06 16:15:02 | 000,239,208 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.04.06 16:14:41 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.04.06 16:08:25 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Macromedia
[2010.04.06 16:08:25 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Adobe
[2010.04.06 16:08:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.04.06 16:07:17 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2010.04.06 16:05:32 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.04.06 16:02:40 | 000,000,000 | ---D | C] -- C:\Users\Dome\Documents\DriverGenius
[2010.04.06 16:00:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft
[2010.04.06 15:55:08 | 000,000,000 | ---D | C] -- C:\Users\Dome\Desktop\saves
[2010.04.06 15:55:06 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.04.06 15:55:05 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.04.06 15:55:03 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.04.06 15:55:03 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.04.06 15:55:02 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.04.06 15:55:02 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.04.06 15:53:25 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.04.06 15:53:24 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.04.06 15:53:24 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.04.06 15:53:24 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.04.06 15:53:24 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.04.06 15:53:24 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.04.06 15:53:24 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.04.06 15:53:24 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.04.06 15:52:59 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.04.06 15:52:58 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.04.06 15:52:58 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.04.06 15:52:58 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.04.06 15:52:58 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.04.06 15:52:58 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.04.06 15:52:58 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.04.06 15:52:55 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.04.06 15:52:55 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.04.06 15:52:55 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.04.06 15:52:55 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.04.06 15:52:55 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.04.06 15:52:55 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.04.06 15:52:55 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.04.06 15:52:54 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.04.06 15:52:54 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.04.06 15:52:54 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.04.06 15:52:54 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.04.06 15:52:54 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.04.06 15:52:54 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.04.06 15:52:54 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.04.06 15:52:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.04.06 15:52:54 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.04.06 15:52:52 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.04.06 15:52:52 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.04.06 15:52:52 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.04.06 15:52:51 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.04.06 15:52:50 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.04.06 15:52:50 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.04.06 15:52:50 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.04.06 15:52:50 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.04.06 15:52:50 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.04.06 15:52:50 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.04.06 15:52:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.04.06 15:52:50 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.04.06 15:52:49 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.04.06 15:52:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.04.06 15:52:47 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.04.06 15:52:47 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.04.06 15:52:47 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.04.06 15:52:47 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.04.06 15:52:47 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.04.06 15:52:47 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.04.06 15:52:43 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.04.06 15:52:42 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.04.06 15:52:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.04.06 15:52:42 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.04.06 15:52:42 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.04.06 15:52:42 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.04.06 15:52:41 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010.04.06 15:46:36 | 000,000,000 | R--D | C] -- C:\Users\Dome\Searches
[2010.04.06 15:46:22 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Identities
[2010.04.06 15:46:17 | 000,000,000 | R--D | C] -- C:\Users\Dome\Contacts
[2010.04.06 15:46:14 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\VirtualStore
[2010.04.06 15:46:05 | 000,000,000 | --SD | C] -- C:\Users\Dome\AppData\Roaming\Microsoft
[2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Videos
[2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Saved Games
[2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Pictures
[2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Music
[2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Links
[2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Favorites
[2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Downloads
[2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Documents
[2010.04.06 15:46:05 | 000,000,000 | R--D | C] -- C:\Users\Dome\Desktop
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Vorlagen
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\AppData\Local\Verlauf
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\AppData\Local\Temporary Internet Files
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Startmenü
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\SendTo
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Recent
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Netzwerkumgebung
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Lokale Einstellungen
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Documents\Eigene Videos
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Documents\Eigene Musik
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Eigene Dateien
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Documents\Eigene Bilder
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Druckumgebung
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Cookies
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\AppData\Local\Anwendungsdaten
[2010.04.06 15:46:05 | 000,000,000 | -HSD | C] -- C:\Users\Dome\Anwendungsdaten
[2010.04.06 15:46:05 | 000,000,000 | -H-D | C] -- C:\Users\Dome\AppData
[2010.04.06 15:46:05 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\Temp
[2010.04.06 15:46:05 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Local\Microsoft
[2010.04.06 15:46:05 | 000,000,000 | ---D | C] -- C:\Users\Dome\AppData\Roaming\Media Center Programs
[2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.04.06 15:45:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.04.06 15:45:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.04.06 15:45:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.04.06 15:45:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.04.06 15:45:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.04.06 15:40:09 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.04.06 15:37:31 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.04.06 15:37:06 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2010.03.16 02:53:00 | 014,828,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010.03.16 02:53:00 | 001,515,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010.03.16 02:53:00 | 001,067,624 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010.03.16 02:53:00 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010.03.16 02:53:00 | 000,061,032 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll

========== Files - Modified Within 30 Days ==========

[2010.04.13 21:08:59 | 001,048,576 | -HS- | M] () -- C:\Users\Dome\ntuser.dat
[2010.04.13 20:12:34 | 000,001,768 | ---- | M] () -- C:\Users\Dome\Desktop\Defraggler.lnk
[2010.04.13 19:17:10 | 000,051,003 | ---- | M] () -- C:\Users\Dome\Desktop\ulz.jpg
[2010.04.13 16:49:09 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.13 16:49:09 | 000,013,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.13 16:46:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.04.13 16:42:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.13 16:41:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.13 16:41:43 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.13 16:40:44 | 002,149,344 | -H-- | M] () -- C:\Users\Dome\AppData\Local\IconCache.db
[2010.04.13 16:13:35 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.12 22:40:33 | 000,002,097 | ---- | M] () -- C:\Users\Dome\Desktop\HijackThis.lnk
[2010.04.12 16:28:54 | 000,002,289 | ---- | M] () -- C:\Users\Dome\Desktop\Play SpellForce 2 - Shadow Wars.lnk
[2010.04.12 15:34:08 | 000,018,048 | ---- | M] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2010.04.12 15:04:36 | 174,830,100 | ---- | M] () -- C:\Users\Dome\Desktop\spellforce2_update_v102.exe
[2010.04.09 16:32:15 | 000,001,234 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.04.08 19:37:26 | 000,001,160 | -H-- | M] () -- C:\Users\Dome\Desktop\$$JetTHM$$.cache
[2010.04.08 17:22:23 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.04.08 15:42:22 | 000,000,760 | ---- | M] () -- C:\Users\Dome\AppData\Roaming\setup_ldm.iss
[2010.04.08 15:39:43 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2010.04.08 15:37:35 | 000,001,751 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010.04.08 15:25:10 | 000,000,188 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010.04.08 15:25:09 | 000,000,138 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2010.04.08 15:25:07 | 000,000,168 | ---- | M] () -- C:\Windows\Cmicnfg3.ini.imi
[2010.04.08 15:24:05 | 000,000,107 | ---- | M] () -- C:\Windows\System\Cmicnfg3.ini
[2010.04.07 20:30:39 | 000,319,488 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\HideWin.exe
[2010.04.07 20:11:34 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.07 20:11:34 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.04.07 20:11:34 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.07 20:11:34 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.04.07 20:11:34 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.07 00:17:10 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TMContainer00000000000000000002.regtrans-ms
[2010.04.07 00:17:10 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TMContainer00000000000000000001.regtrans-ms
[2010.04.07 00:17:10 | 000,065,536 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TM.blf
[2010.04.07 00:00:23 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TMContainer00000000000000000002.regtrans-ms
[2010.04.07 00:00:23 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TMContainer00000000000000000001.regtrans-ms
[2010.04.07 00:00:23 | 000,065,536 | -HS- | M] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TM.blf
[2010.04.06 23:32:23 | 000,033,134 | ---- | M] () -- C:\Users\Dome\AppData\Roaming\UserTile.png
[2010.04.06 20:44:55 | 000,001,861 | ---- | M] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2010.04.06 20:13:19 | 000,001,021 | ---- | M] () -- C:\Users\Dome\Desktop\JDownloader.lnk
[2010.04.06 20:12:43 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.04.06 20:12:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.04.06 20:12:43 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.04.06 20:12:42 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010.04.06 19:48:50 | 000,002,009 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike Source.lnk
[2010.04.06 19:29:40 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.04.06 19:22:41 | 000,002,057 | ---- | M] () -- C:\Users\Public\Desktop\Counter-Strike 1.6 DigitalZone.lnk
[2010.04.06 19:22:41 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Half-Life DigitalZone.lnk
[2010.04.06 19:19:25 | 000,001,923 | ---- | M] () -- C:\Users\Public\Desktop\Half-Life 2.lnk
[2010.04.06 19:17:28 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Source Dedicated Server.lnk
[2010.04.06 19:16:21 | 000,002,097 | ---- | M] () -- C:\Users\Public\Desktop\Quick Server.lnk
[2010.04.06 18:59:56 | 000,001,358 | ---- | M] () -- C:\Users\Dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.04.06 18:52:32 | 000,001,825 | ---- | M] () -- C:\Users\Public\Desktop\jetAudio.lnk
[2010.04.06 18:29:54 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.04.06 17:01:29 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.04.06 16:49:11 | 000,057,560 | ---- | M] () -- C:\Users\Dome\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.06 16:38:52 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.06 16:36:06 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010.04.06 16:28:24 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.04.06 16:28:24 | 000,524,288 | -HS- | M] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.04.06 16:28:24 | 000,065,536 | -HS- | M] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.04.06 16:00:11 | 000,001,115 | ---- | M] () -- C:\Users\Dome\Desktop\Driver Genius Professional Edition.lnk
[2010.04.06 15:46:05 | 000,000,020 | -HS- | M] () -- C:\Users\Dome\ntuser.ini
[2010.04.06 15:40:57 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.04.06 15:40:57 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.16 08:51:59 | 021,005,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.03.16 08:51:59 | 016,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.03.16 08:51:59 | 015,227,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.03.16 08:51:59 | 011,906,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.03.16 08:51:59 | 011,647,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.03.16 08:51:59 | 009,386,088 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010.03.16 08:51:59 | 006,279,784 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010.03.16 08:51:59 | 005,444,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.03.16 08:51:59 | 004,503,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.03.16 08:51:59 | 004,029,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.03.16 08:51:59 | 003,215,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll
[2010.03.16 08:51:59 | 002,907,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll
[2010.03.16 08:51:59 | 002,893,416 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.03.16 08:51:59 | 002,646,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.03.16 08:51:59 | 002,106,472 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.03.16 08:51:59 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.03.16 08:51:59 | 001,592,936 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010.03.16 08:51:59 | 001,296,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.03.16 08:51:59 | 000,930,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpinst.exe
[2010.03.16 08:51:59 | 000,657,512 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\NVUNINST.EXE
[2010.03.16 08:51:59 | 000,384,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010.03.16 08:51:59 | 000,316,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010.03.16 08:51:59 | 000,239,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1910.dll
[2010.03.16 08:51:59 | 000,239,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.03.16 08:51:59 | 000,064,616 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.03.16 08:51:59 | 000,056,424 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.03.16 08:51:59 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.03.16 08:51:59 | 000,009,832 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010.03.16 02:53:00 | 014,828,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010.03.16 02:53:00 | 001,515,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010.03.16 02:53:00 | 001,067,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010.03.16 02:53:00 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010.03.16 02:53:00 | 000,061,032 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2010.03.16 02:52:54 | 000,276,196 | ---- | M] () -- C:\Windows\SysNative\NvApps.xml
[2010.03.16 02:52:54 | 000,066,714 | ---- | M] () -- C:\Windows\SysNative\NvwsApps.xml

========== Files Created - No Company Name ==========

[2010.04.13 19:17:09 | 000,051,003 | ---- | C] () -- C:\Users\Dome\Desktop\ulz.jpg
[2010.04.13 16:13:35 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.12 22:40:33 | 000,002,097 | ---- | C] () -- C:\Users\Dome\Desktop\HijackThis.lnk
[2010.04.12 16:28:54 | 000,002,289 | ---- | C] () -- C:\Users\Dome\Desktop\Play SpellForce 2 - Shadow Wars.lnk
[2010.04.12 14:29:41 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\drivers\lirsgt.sys
[2010.04.12 14:28:30 | 174,830,100 | ---- | C] () -- C:\Users\Dome\Desktop\spellforce2_update_v102.exe
[2010.04.09 16:32:15 | 000,001,234 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2010.04.08 19:37:26 | 000,001,160 | -H-- | C] () -- C:\Users\Dome\Desktop\$$JetTHM$$.cache
[2010.04.08 17:22:23 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.04.08 15:42:23 | 000,000,179 | ---- | C] () -- C:\Users\Dome\AppData\Roaming\setup.log
[2010.04.08 15:42:22 | 000,000,760 | ---- | C] () -- C:\Users\Dome\AppData\Roaming\setup_ldm.iss
[2010.04.08 15:39:43 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\Logitech-Maus- und -Tastatureinstellungen.lnk
[2010.04.08 15:37:35 | 000,001,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010.04.08 15:25:10 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP6.dll
[2010.04.08 15:25:09 | 001,144,983 | ---- | C] () -- C:\Windows\SysWow64\KB936225x64.msu
[2010.04.08 15:25:09 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CMICNFG3.cpl
[2010.04.08 15:25:07 | 000,792,576 | ---- | C] () -- C:\Windows\SysNative\Cmeaupci.exe
[2010.04.08 15:25:07 | 000,010,134 | ---- | C] () -- C:\Windows\cmeauPCI.ico
[2010.04.08 15:25:07 | 000,000,188 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfl
[2010.04.08 15:25:07 | 000,000,138 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2010.04.08 15:24:05 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2010.04.08 15:24:05 | 000,002,123 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.cfg
[2010.04.08 15:24:05 | 000,000,168 | ---- | C] () -- C:\Windows\Cmicnfg3.ini.imi
[2010.04.08 15:24:05 | 000,000,107 | ---- | C] () -- C:\Windows\System\Cmicnfg3.ini
[2010.04.08 15:24:04 | 000,002,754 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010.04.07 00:15:42 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TMContainer00000000000000000002.regtrans-ms
[2010.04.07 00:15:42 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TMContainer00000000000000000001.regtrans-ms
[2010.04.07 00:15:42 | 000,065,536 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{94637967-41c6-11df-a4f2-001617172530}.TM.blf
[2010.04.06 23:52:36 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TMContainer00000000000000000002.regtrans-ms
[2010.04.06 23:52:36 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TMContainer00000000000000000001.regtrans-ms
[2010.04.06 23:52:35 | 000,065,536 | -HS- | C] () -- C:\Users\Dome\ntuser.dat{2020af51-41c4-11df-bbf6-001617172530}.TM.blf
[2010.04.06 23:32:23 | 000,033,134 | ---- | C] () -- C:\Users\Dome\AppData\Roaming\UserTile.png
[2010.04.06 21:56:44 | 000,007,143 | ---- | C] () -- C:\Windows\SysNative\nvide.nvu
[2010.04.06 21:56:12 | 000,004,984 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
[2010.04.06 20:44:55 | 000,001,861 | ---- | C] () -- C:\Users\Public\Desktop\avast! Antivirus.lnk
[2010.04.06 20:44:13 | 000,380,928 | ---- | C] () -- C:\Windows\SysWow64\actskin4.ocx
[2010.04.06 20:13:19 | 000,001,021 | ---- | C] () -- C:\Users\Dome\Desktop\JDownloader.lnk
[2010.04.06 19:22:41 | 000,002,057 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike 1.6 DigitalZone.lnk
[2010.04.06 19:22:41 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Half-Life DigitalZone.lnk
[2010.04.06 19:19:25 | 000,001,923 | ---- | C] () -- C:\Users\Public\Desktop\Half-Life 2.lnk
[2010.04.06 19:17:28 | 000,001,973 | ---- | C] () -- C:\Users\Public\Desktop\Source Dedicated Server.lnk
[2010.04.06 19:16:21 | 000,002,097 | ---- | C] () -- C:\Users\Public\Desktop\Quick Server.lnk
[2010.04.06 19:16:21 | 000,002,009 | ---- | C] () -- C:\Users\Public\Desktop\Counter-Strike Source.lnk
[2010.04.06 18:59:56 | 000,001,358 | ---- | C] () -- C:\Users\Dome\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.04.06 18:52:32 | 000,001,825 | ---- | C] () -- C:\Users\Public\Desktop\jetAudio.lnk
[2010.04.06 18:34:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.04.06 18:29:54 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.04.06 17:01:29 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.04.06 17:01:28 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.04.06 17:01:28 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2010.04.06 16:59:29 | 000,001,768 | ---- | C] () -- C:\Users\Dome\Desktop\Defraggler.lnk
[2010.04.06 16:38:52 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.06 16:36:06 | 000,008,192 | RHS- | C] () -- C:\BOOTSECT.BAK
[2010.04.06 16:36:05 | 000,383,562 | RHS- | C] () -- C:\bootmgr
[2010.04.06 16:15:09 | 000,009,832 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010.04.06 16:00:11 | 000,001,115 | ---- | C] () -- C:\Users\Dome\Desktop\Driver Genius Professional Edition.lnk
[2010.04.06 15:46:05 | 001,048,576 | -HS- | C] () -- C:\Users\Dome\ntuser.dat
[2010.04.06 15:46:05 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.04.06 15:46:05 | 000,524,288 | -HS- | C] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.04.06 15:46:05 | 000,262,144 | -HS- | C] () -- C:\Users\Dome\ntuser.dat.LOG1
[2010.04.06 15:46:05 | 000,065,536 | -HS- | C] () -- C:\Users\Dome\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.04.06 15:46:05 | 000,000,020 | -HS- | C] () -- C:\Users\Dome\ntuser.ini
[2010.04.06 15:46:05 | 000,000,000 | -HS- | C] () -- C:\Users\Dome\ntuser.dat.LOG2
[2010.04.06 15:37:08 | 1610,260,480 | -HS- | C] () -- C:\hiberfil.sys
[2010.03.16 02:52:54 | 000,276,196 | ---- | C] () -- C:\Windows\SysNative\NvApps.xml
[2010.03.16 02:52:54 | 000,066,714 | ---- | C] () -- C:\Windows\SysNative\NvwsApps.xml
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.14 07:45:20 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
< End of report >

13.04.2010, 20:24   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)
Code:
:OTL
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
[2010.04.06 21:56:12 | 000,004,984 | ---- | C] () -- C:\Windows\SysNative\drivers\nvphy.bin
:Commands
[emptytemp]
         
Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

14.04.2010, 21:12   #14
ItSmE1991
 

sooo, that one has been created too




All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
C:\Windows\SysNative\drivers\nvphy.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 50051 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Dome
->Temp folder emptied: 181322776 bytes
->Temporary Internet Files folder emptied: 43935755 bytes
->Java cache emptied: 12118713 bytes
->FireFox cache emptied: 116120701 bytes
->Flash cache emptied: 25506 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 43466369 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 379,00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04142010_220806

Files\Folders moved on Reboot...
C:\Users\Dome\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...

14.04.2010, 21:23   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK. Please run full scans with Malwarebytes and SUPERAntiSpyware as a check and post the logs.
Remember to update both tools before the scan!!