Log analysis and evaluation: Internet Explorer pops up

14.04.2010, 19:14   #1
His Airne$$

Internet Explorer pops up

My IE keeps popping up with dubious sites.
I have Windows 7 Ultimate and have already reinstalled it, but the problem still persists.

HijackThis gives the following log.

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 20:10:29, on 14.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\Slomaa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe
C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TrendMicro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O13 - Gopher Prefix:
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5292 bytes


Can anyone help?

Thanks in advance

15.04.2010, 09:22   #2
Chris4You

Internet Explorer pops up

Hi,

Malwarebytes Anti-Malware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download does not work, please download a generic version via:
http://filepony.de/download-chameleon/
Then please update the signature files ("Update" tab -> "Check for updates")
Full scan and let it clean everything! Post the log.

OTL
Download OTL from OldTimer (http://filepony.de/download-otl/) and save it to your desktop
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 logfiles will be created
* Post the logfiles here in the thread.

Unfortunately GMER does not run under Win7....

TDSS-Killer
Download and instructions at: http://www.trojaner-board.de/82358-t...tml#post640150
Unpack all files!

Create start.bat:
Start -> All Programs -> Accessories -> Notepad and paste the following text into it:
Code:
@ECHO OFF
TDSSKiller.exe -l report.txt -v
DEL %0

  • Save as: start.bat
  • Save under: file type: all files
  • save the file in the folder where TDSSKiller.exe is located
  • double-click start.bat
TDSSKiller.exe will start and generate a log (report.txt).
When TDSSKiller has finished, post the contents of report.txt.

chris
For me:
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe
F2 - REG:system.ini: UserInit=userinit.exe?
C:\Windows\Slomaa.exe

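As an added triage example (not code from the thread, from HijackThis or from the helper), this Python script flags the same kinds of entries the helper singled out by hand in post #2: process and autostart (O4) entries whose executable lives in a Temp folder or straight in the Windows root, a Run value name that looks machine-generated, and a UserInit value that is not the full default path. The sample lines are copied from the posted HijackThis log; the heuristics and the names triage, path_reasons and random_name are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines taken verbatim from the HijackThis log posted
# above, plus benign autostart entries for contrast.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Slomaa.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [YVIBBBHA8C] C:\Users\HISAIR~1\AppData\Local\Temp\Ssr.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
"""


@dataclass
class Finding:
    line: str
    reason: str


# "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<hive>HK[^:]*?)\\\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.IGNORECASE)
# Image path: either a quoted path or an unquoted one ending in a common
# executable extension (unquoted paths may contain spaces).
PATH_RE = re.compile(r'^(?:"(?P<q>[^"]+)"|(?P<u>.+?\.(?:exe|com|dll|bat|cmd|scr|pif)))(?:\s|$)', re.IGNORECASE)
# Default Winlogon Userinit value on Windows 7 (hypothetical check value).
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe,"


def image_path(cmd: str) -> Optional[str]:
    m = PATH_RE.match(cmd.strip())
    if not m:
        return None
    return m.group("q") or m.group("u")


def path_reasons(path: str) -> List[str]:
    """Reasons why an executable location deserves a closer look."""
    p = path.lower().replace("/", "\\")
    reasons = []
    if "\\temp\\" in p or "\\tmp\\" in p:
        reasons.append("executable launched from a Temp directory")
    parent, _, _name = p.rpartition("\\")
    if parent in (r"c:\windows", "%systemroot%", "%windir%"):
        reasons.append("executable sitting directly in the Windows root")
    return reasons


def random_name(name: str) -> bool:
    """Heuristic: an all-caps mix of letters and digits with no readable word."""
    return (bool(re.fullmatch(r"[A-Z0-9]{8,}", name))
            and any(c.isdigit() for c in name)
            and any(c.isalpha() for c in name))


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # the process list ends at the first blank line
            continue
        if line.lower() == "running processes:":
            in_processes = True
            continue
        if in_processes:
            for r in path_reasons(line):
                findings.append(Finding(line, "running process: " + r))
            continue
        m = O4_RE.match(line)
        if m:
            path = image_path(m.group("cmd"))
            for r in (path_reasons(path) if path else []):
                findings.append(Finding(line, "autostart: " + r))
            if random_name(m.group("name")):
                findings.append(Finding(line, "autostart: value name looks machine-generated"))
            continue
        m = F2_RE.match(line)
        if m and m.group("value").strip().lower() != DEFAULT_USERINIT:
            findings.append(Finding(line, "UserInit differs from the default full path; verify the file on disk"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the full log instead of SAMPLE_LOG to get a first list of entries worth checking against a known-good install; the heuristics only prioritise, they do not classify.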
15.04.2010, 11:32   #3
His Airne$$

Internet Explorer pops up

Many thanks first of all for the quick help.
I ran Malwarebytes and OTL; TDSSKiller does not run because I have an x64 version of Windows.
Malwarebytes also immediately detected and removed 9 unwanted programs and Trojans.
Here is the Malwarebytes log:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3989

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.04.2010 10:27:36
mbam-log-2010-04-15 (10-27-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|L:\|M:\|S:\|)
Durchsuchte Objekte: 334332
Laufzeit: 33 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
D:\Main\ALL Meikel Need\Total Copy.exe (Trojan.FlashKiller) -> Quarantined and deleted successfully.
D:\Main\Programme und Tools\Benchmarks\ÄÖhhhhh\fr-041_debris.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
D:\Main\Programme und Tools\Benchmarks\ÄÖhhhhh\pno0001.exe (Malware.Packer.Krunchy) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.



OTL produced the following logs:

OTL:
OTL logfile created on: 15.04.2010 10:34:10 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\His Airne$$\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 72,31 Gb Free Space | 74,05% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 223,48 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 369,10 Gb Free Space | 39,62% Space Free | Partition Type: NTFS
Drive F: | 3,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 368,10 Gb Total Space | 343,59 Gb Free Space | 93,34% Space Free | Partition Type: NTFS
Drive H: | 149,05 Gb Total Space | 5,15 Gb Free Space | 3,45% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive S: | 931,51 Gb Total Space | 111,47 Gb Free Space | 11,97% Space Free | Partition Type: NTFS

Computer Name: FEENA
Current User Name: His Airne$$
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\His Airne$$\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe (Realtime Soft Ltd)
PRC - C:\Program Files (x86)\Winamp\winampa.exe ()
PRC - C:\Programme\Logitech\GamePanel Software\LCD Manager\Applets\LCDMedia.exe (Logitech Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\His Airne$$\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\UltraMon\RTSUltraMonHookX32.dll (Realtime Soft Ltd)
MOD - C:\Programme\UltraMon\UltraMonResButtons.dll (Realtime Soft Ltd)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (CSC) -- C:\Windows\CSC [2010.04.14 18:13:32 | 000,000,000 | ---D | M]
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (UltraMonUtility) -- C:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys (Realtime Soft Ltd)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://hotmail.com/"
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: allglassv2@ambroos.neowin.net:2.1.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.14 18:21:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.14 23:21:19 | 000,000,000 | ---D | M]

[2010.04.14 18:21:44 | 000,000,000 | ---D | M] -- C:\Users\His Airne$$\AppData\Roaming\mozilla\Extensions
[2010.04.15 01:05:23 | 000,000,000 | ---D | M] -- C:\Users\His Airne$$\AppData\Roaming\mozilla\Firefox\Profiles\2juwi55n.default\extensions
[2010.04.14 19:19:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\His Airne$$\AppData\Roaming\mozilla\Firefox\Profiles\2juwi55n.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.14 19:19:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\His Airne$$\AppData\Roaming\mozilla\Firefox\Profiles\2juwi55n.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.04.14 19:49:59 | 000,000,000 | ---D | M] -- C:\Users\His Airne$$\AppData\Roaming\mozilla\Firefox\Profiles\2juwi55n.default\extensions\allglassv2@ambroos.neowin.net
[2010.04.15 01:05:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 195.71.143.51 193.189.244.205
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.07.14 13:08:11 | 000,000,043 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{48a0abde-47fc-11df-8483-0023543c71e3}\Shell - "" = AutoRun
O33 - MountPoints2\{48a0abde-47fc-11df-8483-0023543c71e3}\Shell\AutoRun\command - "" = L:\LaunchU3.exe -- File not found
O33 - MountPoints2\{b0efef97-47f8-11df-8a7c-0023543c71e3}\Shell - "" = AutoRun
O33 - MountPoints2\{b0efef97-47f8-11df-8a7c-0023543c71e3}\Shell\AutoRun\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\{b0efef97-47f8-11df-8a7c-0023543c71e3}\Shell\configure\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\{b0efef97-47f8-11df-8a7c-0023543c71e3}\Shell\install\command - "" = I:\SETUP.EXE -- File not found
O33 - MountPoints2\{b0efef98-47f8-11df-8a7c-0023543c71e3}\Shell - "" = AutoRun
O33 - MountPoints2\{b0efef98-47f8-11df-8a7c-0023543c71e3}\Shell\AutoRun\command - "" = J:\start.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.15 10:33:32 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\His Airne$$\Desktop\OTL.exe
[2010.04.15 09:24:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2010.04.15 09:24:47 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2010.04.15 09:24:35 | 000,234,496 | ---- | C] (CANON INC.) -- C:\Windows\SysNative\CNMLM79.DLL
[2010.04.15 09:24:28 | 000,000,000 | -H-D | C] -- C:\Programme\CanonBJ
[2010.04.15 09:11:32 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Malwarebytes
[2010.04.15 09:11:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.15 09:11:25 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.15 09:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.15 09:11:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes
[2010.04.15 08:44:09 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.04.14 23:39:47 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\dvdcss
[2010.04.14 23:21:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.04.14 23:21:19 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010.04.14 23:21:19 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.04.14 23:21:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.04.14 23:21:19 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.04.14 23:21:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.04.14 22:47:22 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Realtime Soft
[2010.04.14 22:47:20 | 000,000,000 | ---D | C] -- C:\Programme\UltraMon
[2010.04.14 22:47:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Realtime Soft
[2010.04.14 22:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Realtime Soft
[2010.04.14 22:01:55 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Avira
[2010.04.14 21:25:19 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\ElevatedDiagnostics
[2010.04.14 21:19:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.04.14 21:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.04.14 21:18:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010.04.14 21:17:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.04.14 21:17:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010.04.14 21:16:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.04.14 21:12:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2010.04.14 21:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio
[2010.04.14 21:12:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010.04.14 21:12:40 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.04.14 21:12:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010.04.14 21:11:33 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Alt.Binz
[2010.04.14 21:11:18 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.04.14 21:10:56 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Microsoft Help
[2010.04.14 21:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2010.04.14 21:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.04.14 21:10:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.04.14 21:04:28 | 000,285,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\cudart.dll
[2010.04.14 21:04:28 | 000,027,136 | ---- | C] (CPUID) -- C:\Windows\SysWow64\PCWizard.cpl
[2010.04.14 21:04:28 | 000,000,000 | ---D | C] -- C:\Windows\Java
[2010.04.14 21:04:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CPUID
[2010.04.14 21:03:04 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\WinRAR
[2010.04.14 21:02:50 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.04.14 21:01:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010.04.14 21:01:19 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\DAEMON Tools Lite
[2010.04.14 21:01:17 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.04.14 20:56:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010.04.14 20:56:45 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.04.14 20:56:36 | 002,719,504 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2010.04.14 20:56:36 | 001,943,584 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010.04.14 20:56:36 | 000,612,384 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010.04.14 20:56:36 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010.04.14 20:56:36 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010.04.14 20:56:36 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010.04.14 20:56:36 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010.04.14 20:56:36 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010.04.14 20:56:35 | 002,197,264 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2010.04.14 20:56:35 | 001,660,960 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010.04.14 20:56:35 | 001,325,328 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2010.04.14 20:56:35 | 001,210,912 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010.04.14 20:56:35 | 001,178,384 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2010.04.14 20:56:35 | 001,110,800 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2010.04.14 20:56:35 | 000,504,592 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2010.04.14 20:56:35 | 000,489,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2010.04.14 20:56:35 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010.04.14 20:56:35 | 000,474,896 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2010.04.14 20:56:35 | 000,372,936 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2010.04.14 20:56:35 | 000,331,168 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010.04.14 20:56:35 | 000,325,904 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010.04.14 20:56:35 | 000,315,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2010.04.14 20:56:35 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010.04.14 20:56:35 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010.04.14 20:56:35 | 000,268,560 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2010.04.14 20:56:35 | 000,265,488 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2010.04.14 20:56:35 | 000,201,928 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2010.04.14 20:56:35 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010.04.14 20:56:35 | 000,123,664 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2010.04.14 20:56:35 | 000,123,152 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2010.04.14 20:56:35 | 000,122,128 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2010.04.14 20:56:35 | 000,099,016 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2010.04.14 20:56:35 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2010.04.14 20:56:35 | 000,069,664 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010.04.14 20:56:34 | 000,168,288 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010.04.14 20:56:34 | 000,108,960 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010.04.14 20:56:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2010.04.14 20:56:33 | 001,247,776 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.04.14 20:56:33 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010.04.14 20:22:45 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2010.04.14 20:22:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CS 1.6
[2010.04.14 20:22:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.04.14 20:01:11 | 001,628,920 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxsfs.dll
[2010.04.14 20:01:11 | 000,547,576 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\px.dll
[2010.04.14 20:01:11 | 000,510,712 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxdrv.dll
[2010.04.14 20:01:11 | 000,379,640 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxwave.dll
[2010.04.14 20:01:11 | 000,187,128 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxmas.dll
[2010.04.14 20:01:11 | 000,129,784 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxafs.dll
[2010.04.14 20:01:11 | 000,072,440 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxhpinst.exe
[2010.04.14 20:01:11 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxinsa64.exe
[2010.04.14 20:01:11 | 000,064,760 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\pxcpya64.exe
[2010.04.14 20:01:11 | 000,039,672 | ---- | C] (Sonic Solutions) -- C:\Windows\SysWow64\vxblock.dll
[2010.04.14 20:01:10 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Winamp
[2010.04.14 20:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2010.04.14 19:50:31 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Logitech
[2010.04.14 19:50:18 | 000,000,000 | ---D | C] -- C:\Programme\Logitech
[2010.04.14 19:50:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.04.14 19:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010.04.14 19:39:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrendMicro
[2010.04.14 19:32:09 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\vlc
[2010.04.14 19:31:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLC
[2010.04.14 19:18:08 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.04.14 19:18:08 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.04.14 19:18:08 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.04.14 19:18:08 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.04.14 19:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.14 19:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.04.14 19:16:15 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Macromedia
[2010.04.14 19:16:15 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Adobe
[2010.04.14 19:12:22 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010.04.14 18:55:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010.04.14 18:32:11 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\ATI
[2010.04.14 18:32:11 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\ATI
[2010.04.14 18:32:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.04.14 18:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2010.04.14 18:27:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI
[2010.04.14 18:27:45 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010.04.14 18:27:33 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.04.14 18:27:05 | 000,000,000 | ---D | C] -- C:\ATI
[2010.04.14 18:21:40 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Mozilla
[2010.04.14 18:21:40 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Mozilla
[2010.04.14 18:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.04.14 18:21:03 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.04.14 18:20:03 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Searches
[2010.04.14 18:19:56 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Identities
[2010.04.14 18:19:55 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Contacts
[2010.04.14 18:19:53 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\VirtualStore
[2010.04.14 18:19:46 | 000,000,000 | --SD | C] -- C:\Users\His Airne$$\AppData\Roaming\Microsoft
[2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Videos
[2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Saved Games
[2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Pictures
[2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Music
[2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Links
[2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Favorites
[2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Downloads
[2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Documents
[2010.04.14 18:19:46 | 000,000,000 | R--D | C] -- C:\Users\His Airne$$\Desktop
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Vorlagen
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\AppData\Local\Verlauf
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\AppData\Local\Temporary Internet Files
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Startmenü
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\SendTo
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Recent
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Netzwerkumgebung
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Lokale Einstellungen
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Documents\Eigene Videos
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Documents\Eigene Musik
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Eigene Dateien
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Documents\Eigene Bilder
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Druckumgebung
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Cookies
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\AppData\Local\Anwendungsdaten
[2010.04.14 18:19:46 | 000,000,000 | -HSD | C] -- C:\Users\His Airne$$\Anwendungsdaten
[2010.04.14 18:19:46 | 000,000,000 | -H-D | C] -- C:\Users\His Airne$$\AppData
[2010.04.14 18:19:46 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Temp
[2010.04.14 18:19:46 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Local\Microsoft
[2010.04.14 18:19:46 | 000,000,000 | ---D | C] -- C:\Users\His Airne$$\AppData\Roaming\Media Center Programs
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.04.14 18:19:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.04.14 18:13:20 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010.04.14 18:13:04 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2010.04.15 10:34:54 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.15 10:34:54 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.15 10:33:36 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\His Airne$$\Desktop\OTL.exe
[2010.04.15 10:29:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.15 10:29:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.15 10:29:43 | 3220,475,904 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.15 10:28:44 | 001,048,576 | -HS- | M] () -- C:\Users\His Airne$$\NTUSER.DAT
[2010.04.15 10:28:39 | 003,328,178 | -H-- | M] () -- C:\Users\His Airne$$\AppData\Local\IconCache.db
[2010.04.15 09:15:14 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.15 09:15:14 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.04.15 09:15:14 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.15 09:15:14 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.04.15 09:15:14 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.14 23:21:14 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deploytk.dll
[2010.04.14 23:21:14 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.04.14 23:21:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.04.14 23:21:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.04.14 22:47:20 | 000,002,585 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2010.04.14 21:22:32 | 000,084,136 | ---- | M] () -- C:\Users\His Airne$$\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.14 21:21:47 | 002,271,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.04.14 21:02:07 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.04.14 19:50:26 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_LgLcdSSDriver_01_00_00.Wdf
[2010.04.14 18:47:17 | 000,158,720 | ---- | M] () -- C:\Windows\Slomaa.exe
[2010.04.14 18:47:09 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.04.14 18:31:50 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2010.04.14 18:31:03 | 000,524,288 | -HS- | M] () -- C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.04.14 18:31:03 | 000,524,288 | -HS- | M] () -- C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.04.14 18:31:03 | 000,065,536 | -HS- | M] () -- C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.04.14 18:19:46 | 000,000,020 | -HS- | M] () -- C:\Users\His Airne$$\ntuser.ini
[2010.04.14 18:17:23 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.04.14 18:17:23 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.04.06 17:59:00 | 001,943,584 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010.04.06 17:59:00 | 001,660,960 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010.04.06 17:59:00 | 001,210,912 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010.04.06 17:59:00 | 000,612,384 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010.04.06 17:59:00 | 000,476,192 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010.04.06 17:59:00 | 000,332,320 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010.04.06 17:59:00 | 000,149,536 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010.04.06 17:59:00 | 000,069,664 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010.03.30 20:35:00 | 000,331,168 | ---- | M] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.22 14:22:00 | 001,247,776 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll

========== Files Created - No Company Name ==========

[2010.04.14 22:47:20 | 000,002,585 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UltraMon.lnk
[2010.04.14 21:04:28 | 000,327,168 | ---- | C] () -- C:\Windows\SysWow64\cutil32.dll
[2010.04.14 21:02:07 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.04.14 19:50:26 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_LgLcdSSDriver_01_00_00.Wdf
[2010.04.14 18:47:20 | 000,158,720 | ---- | C] () -- C:\Windows\Slomaa.exe
[2010.04.14 18:47:09 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.04.14 18:31:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.04.14 18:19:46 | 001,048,576 | -HS- | C] () -- C:\Users\His Airne$$\NTUSER.DAT
[2010.04.14 18:19:46 | 000,524,288 | -HS- | C] () -- C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.04.14 18:19:46 | 000,524,288 | -HS- | C] () -- C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.04.14 18:19:46 | 000,262,144 | -HS- | C] () -- C:\Users\His Airne$$\ntuser.dat.LOG1
[2010.04.14 18:19:46 | 000,065,536 | -HS- | C] () -- C:\Users\His Airne$$\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.04.14 18:19:46 | 000,000,020 | -HS- | C] () -- C:\Users\His Airne$$\ntuser.ini
[2010.04.14 18:19:46 | 000,000,000 | -HS- | C] () -- C:\Users\His Airne$$\ntuser.dat.LOG2
[2010.04.14 18:13:04 | 3220,475,904 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

Extras:
OTL Extras logfile created on: 15.04.2010 10:34:10 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\His Airne$$\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 70,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 82,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 72,31 Gb Free Space | 74,05% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 223,48 Gb Free Space | 23,99% Space Free | Partition Type: NTFS
Drive E: | 931,51 Gb Total Space | 369,10 Gb Free Space | 39,62% Space Free | Partition Type: NTFS
Drive F: | 3,67 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 368,10 Gb Total Space | 343,59 Gb Free Space | 93,34% Space Free | Partition Type: NTFS
Drive H: | 149,05 Gb Total Space | 5,15 Gb Free Space | 3,45% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded
Drive S: | 931,51 Gb Total Space | 111,47 Gb Free Space | 11,97% Space Free | Partition Type: NTFS

Computer Name: FEENA
Current User Name: His Airne$$
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5200" = Canon iP5200
"{23F108F0-BD12-A639-8C6E-BB1F7AF736C1}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{7598C430-8B00-4447-A710-0DDA0770370A}" = Logitech GamePanel Software 2.00
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}" = HiJackThis
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{29F05234-DCBB-4FE0-88DC-5160C9250312}" = Adobe Photoshop CS3
"{36D8A747-3FC1-121F-6C92-2F79A9B3172D}" = Catalyst Control Center Graphics Full New
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{89D16846-7491-A3C3-89D9-006906602FA2}" = Catalyst Control Center Graphics Previews Common
"{8CDCDD72-388E-0A2A-4847-873C448033EA}" = Catalyst Control Center Graphics Previews Vista
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{00C5525B-3CB3-467D-8100-2E6FB306CD86}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DC3F66CA-9DFD-41EA-9D9E-FD86F1446A3D}" = Catalyst Control Center Core Implementation
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E25BEA72-89F8-121D-5481-0347B9446673}" = ccc-core-static
"{E288FAEB-D102-0ACA-DF6A-9BD3C90FA08B}" = Catalyst Control Center HydraVision Full
"{E4D35928-2C24-A87E-8240-CC7E25548F52}" = Catalyst Control Center Graphics Full Existing
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E76CDA48-6FB1-49C5-0769-7B9444664056}" = Catalyst Control Center Graphics Light
"{EB3B36B9-E1F4-81BA-BEB5-4FB07D4CEE39}" = Catalyst Control Center InstallProxy
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5E0B89C-AABA-639D-B6F5-C3FB085FB120}" = CCC Help English
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ENTERPRISE" = Microsoft Office Enterprise 2007
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"PC Wizard 2010_is1" = PC Wizard 2010.1.93
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.04.2010 13:17:12 | Computer Name = Feena | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Users\HISAIR~1\AppData\Local\Temp\RarSFX0\redist.dll".
Die
abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.4148""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 14.04.2010 14:30:38 | Computer Name = Feena | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl.exe, Version: 1.1.1.1, Zeitstempel:
0x3fd11900 Name des fehlerhaften Moduls: serverbrowser.dll_unloaded, Version: 0.0.0.0,
Zeitstempel: 0x4015add6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0f727720 ID des fehlerhaften
Prozesses: 0x9d0 Startzeit der fehlerhaften Anwendung: 0x01cadc00855adaa3 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\CS 1.6\hl.exe Pfad des fehlerhaften
Moduls: serverbrowser.dll Berichtskennung: d21a1b1a-47f3-11df-bb49-0023543c71e3

Error - 14.04.2010 15:01:53 | Computer Name = Feena | Source = VSS | ID = 8194
Description =

Error - 14.04.2010 16:46:10 | Computer Name = Feena | Source = MsiInstaller | ID = 10005
Description =

Error - 14.04.2010 16:46:13 | Computer Name = Feena | Source = MsiInstaller | ID = 10005
Description =

[ System Events ]
Error - 14.04.2010 14:25:52 | Computer Name = Feena | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?14.?04.?2010 um 20:23:26 unerwartet heruntergefahren.

Error - 14.04.2010 15:39:30 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 14.04.2010 15:39:31 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 14.04.2010 15:39:31 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error - 14.04.2010 16:14:58 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 14.04.2010 16:14:59 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 14.04.2010 16:15:00 | Computer Name = Feena | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR8 gefunden.

Error - 15.04.2010 03:28:47 | Computer Name = Feena | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error - 15.04.2010 03:28:47 | Computer Name = Feena | Source = cdrom | ID = 262159
Description = Das Gerät \Device\CdRom0 ist für den Zugriff noch nicht bereit.

Error - 15.04.2010 03:28:48 | Computer Name = Feena | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.


< End of report >
__________________

Alt 15.04.2010, 12:33   #4
Chris4You
 



Hi,

Please check the following files:

Have the files checked online:
  • Go to the VirusTotal site, click the "Browse" button and locate the following file(s):
Code:
C:\Windows\Slomaa.exe

  • Now upload each file one after the other and wait until the scan has finished (it can take up to 2 minutes).
  • Afterwards post the result of the analysis: copy everything and paste it into a post.
  • Important: copy the file size and the HASH as well!

CureIt:
http://www.trojaner-board.de/59299-a...eb-cureit.html
After the scan has finished you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log.
Before you take any action, please copy the contents of the log and post it.
The log file is very large, roughly over 5 MB of text. Simply search it for "infiziert" and copy out the relevant parts before you post them.

What is the computer doing?

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

Alt 15.04.2010, 18:18   #5
His Airne$$
 



So, VirusTotal and CureIt have finished running; here are the logs.

VirusTotal:

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.04.15 -
AhnLab-V3 5.0.0.2 2010.04.15 -
AntiVir 7.10.6.108 2010.04.15 -
Antiy-AVL 2.0.3.7 2010.04.15 -
Authentium 5.2.0.5 2010.04.15 W32/FakeAlert.FY.gen!Eldorado
Avast 4.8.1351.0 2010.04.14 -
Avast5 5.0.332.0 2010.04.14 -
AVG 9.0.0.787 2010.04.15 Downloader.Generic9.BPSZ
BitDefender 7.2 2010.04.15 -
CAT-QuickHeal 10.00 2010.04.15 -
ClamAV 0.96.0.3-git 2010.04.15 -
Comodo 4606 2010.04.15 -
DrWeb 5.0.2.03300 2010.04.15 -
eSafe 7.0.17.0 2010.04.14 -
eTrust-Vet 35.2.7427 2010.04.15 -
F-Prot 4.5.1.85 2010.04.15 W32/FakeAlert.FY.gen!Eldorado
F-Secure 9.0.15370.0 2010.04.15 -
Fortinet 4.0.14.0 2010.04.15 -
GData 19 2010.04.15 -
Ikarus T3.1.1.80.0 2010.04.15 -
Jiangmin 13.0.900 2010.04.15 -
Kaspersky 7.0.0.125 2010.04.15 -
McAfee 5.400.0.1158 2010.04.15 Downloader-CEW
McAfee-GW-Edition 6.8.5 2010.04.15 -
Microsoft 1.5605 2010.04.15 -
NOD32 5030 2010.04.15 a variant of Win32/Kryptik.DRG
Norman 6.04.11 2010.04.15 -
nProtect 2010-04-15.02 2010.04.15 -
Panda 10.0.2.7 2010.04.15 Suspicious file
PCTools 7.0.3.5 2010.04.15 -
Prevx 3.0 2010.04.15 High Risk Cloaked Malware
Rising 22.43.03.04 2010.04.15 -
Sophos 4.52.0 2010.04.15 Mal/FakeAV-CX
Sunbelt 6179 2010.04.15 VirTool.Win32.Obfuscator.hg!b (v)
Symantec 20091.2.0.41 2010.04.15 Trojan.FakeAV!gen24
TheHacker 6.5.2.0.262 2010.04.15 -
TrendMicro 9.120.0.1004 2010.04.15 TROJ_RENOS.SMDE
VBA32 3.12.12.4 2010.04.15 -
ViRobot 2010.4.15.2278 2010.04.15 -
VirusBuster 5.0.27.0 2010.04.15 Trojan.Codecpack.Gen.4
weitere Informationen
File size: 158720 bytes
MD5...: cfdf19c6f20edb9d69e27446173c1067
SHA1..: 9d90ae8cd16e496daed6bcd5a8fc355203e897e1
SHA256: b8cec8c7348daebf516275a804b86bfd9cc4e0fa957e427f7d4977cb51c0d390
ssdeep: 3072:FjtxuVllaNFM6xe9g1/xCsAbErjxQg6y/RYLwaxG1RxNt9:0aB+jCr9Qgp/RYMaERx
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4a2c
timedatestamp.....: 0x49ef748d (Wed Apr 22 19:48:29 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
text 0x1000 0x910f 0x9200 6.00 e17bedbb2319c632ce9a9f5e6ef1d947
.rdata 0xb000 0x34caa 0x1ce00 7.49 6e27fa2d347e95b2bb46d0bf8a2db3db
DATA 0x40000 0x174 0x200 0.00 bf619eac0cdf3f68d496ea9344137e8b
BSS 0x41000 0x330 0x400 0.00 0f343b0931126a20f133d67c2b018a3b

( 8 imports )
> msvcrt.dll: pow, mbstowcs, wcschr, swprintf, strcmp, log, tolower, time, rand, atol, sqrt, memcpy, memmove
> NTDLL.DLL: NtWaitForSingleObject, atol, RtlDeleteCriticalSection, _wcsnicmp, wcscat
> oleaut32.dll: VariantCopyInd, SafeArrayCreate, SafeArrayGetElement, SafeArrayGetUBound, GetErrorInfo, SysFreeString
> KERNEL32.DLL: GetOEMCP, VirtualAllocEx, LoadLibraryExA, SizeofResource, CreateEventA, GlobalAlloc, GetCurrentThread, LoadLibraryA, GetFileAttributesA, GetModuleHandleA, GetSystemDefaultLangID, SetFilePointer, GetCurrentThreadId, SetEndOfFile, FormatMessageA, GetProcAddress, VirtualQuery, ReadFile, GetVersion, ExitProcess, GetCommandLineA, lstrcpynA, WriteFile, VirtualAlloc, GetCurrentProcessId, InitializeCriticalSection
> USER32.DLL: DefFrameProcA, TrackPopupMenu, GetIconInfo, DrawIcon, DrawEdge, SetWindowLongA, CallWindowProcA, GetClientRect, GetScrollPos, EnableWindow, EqualRect, EndPaint, GetScrollRange, GetCursor, DrawTextA, IsWindowEnabled, FrameRect, FillRect, GetCursorPos, EnumChildWindows, GetLastActivePopup, GetKeyState, RegisterClassA, IsWindowVisible, IsDialogMessageA, CheckMenuItem, SetTimer, GetSysColorBrush, IsChild
> COMDLG32.DLL: GetFileTitleA, FindTextA
> COMCTL32.DLL: ImageList_Draw, ImageList_Write, ImageList_Create, ImageList_GetBkColor, ImageList_Destroy, ImageList_DrawEx
> VERSION.DLL: VerQueryValueA, VerInstallFileA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (60.8%)
Win32 Executable Generic (13.7%)
Win32 Dynamic Link Library (generic) (12.2%)
Win16/32 Executable Delphi generic (3.3%)
Clipper DOS Executable (3.2%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
hxxp://info.prevx.com/aboutprogramtext.asp?PX5=AFE7418C00DA575F6C0F02DB8329EB00A37D0E8A


and here are the excerpts from CureIt:

>>>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\48af819b.qua/data001 infiziert mit BackDoor.Click.983
>C:\Documents and Settings\All Users\Anwendungsdaten\Avira\AntiVir Desktop\INFECTED\48af819b.qua - Archiv enthält infizierte Objekte - verschoben

>>>C:\Documents and Settings\His Airne$$\DoctorWeb\Quarantine\48af819b.qua/data001 infiziert mit BackDoor.Click.983
>C:\Documents and Settings\His Airne$$\DoctorWeb\Quarantine\48af819b.qua - Archiv enthält infizierte Objekte - verschoben
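
Added example (not from the thread, and not VirusTotal's or CureIt's own code): a small Python script that parses a pasted VirusTotal result like the one above into per-engine verdicts and the file metadata block, computes the detection ratio, and compares size/MD5/SHA1/SHA256 of a local file against the report. That last step is the check behind Chris's request to post size and hash along with the result: it confirms the report really describes the file sitting on the disk and not some other copy. The embedded excerpt is a constructed subset (8 of the 40 engines) of the lines posted above; the function names are mine.

```python
import hashlib
import os
import tempfile

# Constructed excerpt of the VirusTotal result pasted in the post above:
# "engine version signature-date result", where "-" means no detection,
# followed by the file metadata block. Only 8 of the 40 engines are kept.
VT_EXCERPT = """\
Antivirus Version letzte aktualisierung Ergebnis
AntiVir 7.10.6.108 2010.04.15 -
Authentium 5.2.0.5 2010.04.15 W32/FakeAlert.FY.gen!Eldorado
AVG 9.0.0.787 2010.04.15 Downloader.Generic9.BPSZ
Kaspersky 7.0.0.125 2010.04.15 -
McAfee-GW-Edition 6.8.5 2010.04.15 -
NOD32 5030 2010.04.15 a variant of Win32/Kryptik.DRG
Panda 10.0.2.7 2010.04.15 Suspicious file
Symantec 20091.2.0.41 2010.04.15 Trojan.FakeAV!gen24
weitere Informationen
File size: 158720 bytes
MD5...: cfdf19c6f20edb9d69e27446173c1067
SHA1..: 9d90ae8cd16e496daed6bcd5a8fc355203e897e1
SHA256: b8cec8c7348daebf516275a804b86bfd9cc4e0fa957e427f7d4977cb51c0d390
"""

HASH_NAMES = ("md5", "sha1", "sha256")


def parse_vt_report(text):
    """Split a pasted report into {engine: verdict-or-None} and file metadata."""
    verdicts, meta = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, the table header and the "more information" label.
        if not line or line.startswith("Antivirus ") or line == "weitere Informationen":
            continue
        if line.startswith("File size:"):
            meta["size"] = int(line.split()[2])
            continue
        # "MD5...:", "SHA1..:" and "SHA256:" carry the hashes; strip the dots.
        label = line.split(":", 1)[0].rstrip(".").lower()
        if label in HASH_NAMES:
            meta[label] = line.split(":", 1)[1].strip().lower()
            continue
        # Engine lines: the verdict may itself contain spaces, so split at most 3 times.
        parts = line.split(None, 3)
        if len(parts) == 4:
            engine, _version, _sigdate, result = parts
            verdicts[engine] = None if result == "-" else result
    return verdicts, meta


def detection_ratio(verdicts):
    """(detected, total), the x/y figure VirusTotal shows at the top of a report."""
    hits = sum(1 for v in verdicts.values() if v is not None)
    return hits, len(verdicts)


def fingerprint(path, chunk_size=1 << 16):
    """Size and MD5/SHA1/SHA256 of a local file, hashed in chunks."""
    digests = {name: hashlib.new(name) for name in HASH_NAMES}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for d in digests.values():
                d.update(chunk)
    result = {name: d.hexdigest() for name, d in digests.items()}
    result["size"] = size
    return result


def fingerprint_bytes(data):
    """Fingerprint an in-memory byte string by way of a temporary file."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return fingerprint(path)
    finally:
        os.unlink(path)


def mismatches(local, meta):
    """Names of the fields where the local file disagrees with the report."""
    return sorted(k for k in meta if meta[k] != local.get(k))


if __name__ == "__main__":
    verdicts, meta = parse_vt_report(VT_EXCERPT)
    hits, total = detection_ratio(verdicts)
    print("detections: %d/%d" % (hits, total))
    for engine, verdict in verdicts.items():
        if verdict:
            print("  %-12s %s" % (engine, verdict))
    # A constructed stand-in for the local file; its hashes will not match the
    # report, so every field shows up as a mismatch.
    local = fingerprint_bytes(b"constructed stand-in, not the real sample")
    print("fields differing from the report:", mismatches(local, meta))
```

An empty list from mismatches() means the file on disk is the one the report describes; any other result means the wrong file was uploaded or the file has changed since the scan.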


Alt 15.04.2010, 18:54   #6
Chris4You
 



Hi,

  • Double-click OTL.exe to run the program.
  • Vista/Win7 users: please start it via right-click and "Run as administrator".
  • Copy the complete contents of the following code box into the OTL box under "Custom Scan/Fixes"
Code:
:OTL
[2010.04.14 18:47:20 | 000,158,720 | ---- | C] () -- C:\Windows\Slomaa.exe
:Commands
[emptytemp]
[Reboot]

  • Click the red "Run Fixes!" button.
  • Please copy everything out of the results window (Results).
  • A copy of the OTL fix log is saved as a text file in the following folder:
  • %systemroot%\_OTL

SuperAntiSpyware:
Instructions & download here: http://www.trojaner-board.de/51871-a...tispyware.html

It looks as if one of the pieces of software you installed is the carrier of the infection...

chris
__________________
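
Added example, not part of the post and not OTL's own code: a parser for the OTL file line used in the fix script above ([date time | size | attributes | C or M] (company) -- path), which also cross-checks the listed size against the 158720 bytes VirusTotal reported for the same file earlier in the thread. The second input line is constructed, the reading of C/M as created/modified listings is my assumption, and the regex and function names are mine.

```python
import re
from datetime import datetime

# The file line from the OTL fix script in the post above, plus one
# constructed line in the same layout for the "M" (modified) variant.
OTL_LINES = [
    "[2010.04.14 18:47:20 | 000,158,720 | ---- | C] () -- C:\\Windows\\Slomaa.exe",
    "[2010.04.13 09:05:01 | 000,001,024 | -H-- | M] (Example Corp) -- C:\\Windows\\constructed.dat",
]

# Size VirusTotal reported for Slomaa.exe earlier in the thread.
VT_FILE_SIZE = 158720

# [date time | size | attributes | C or M] (company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)


def parse_otl_file_line(line):
    """Turn one OTL file line into a dict; raises ValueError on anything else."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        raise ValueError("not an OTL file line: %r" % line)
    return {
        "timestamp": datetime.strptime(m.group("ts"), "%Y.%m.%d %H:%M:%S"),
        # OTL pads the size with commas: 000,158,720 -> 158720
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        # Assumed meaning: C = listed by creation time, M = by modification time.
        "kind": m.group("kind"),
        # An empty "()" means no company/publisher string in the file's version info.
        "company": m.group("company") or None,
        "path": m.group("path"),
    }


def cross_check(lines, reported_size):
    """(path, size, matches-report) for every parseable line; others are skipped."""
    out = []
    for line in lines:
        try:
            entry = parse_otl_file_line(line)
        except ValueError:
            continue
        out.append((entry["path"], entry["size"], entry["size"] == reported_size))
    return out


if __name__ == "__main__":
    for path, size, ok in cross_check(OTL_LINES, VT_FILE_SIZE):
        print("%-40s %8d bytes  %s" % (path, size, "matches VT" if ok else "differs"))
```

Lines such as ":OTL" or "[emptytemp]" are directives, not file entries, so the parser rejects them and cross_check() skips them; a size that differs from the scan report is a sign the fix line points at a different file than the one that was analysed.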