
Pests of all kinds and how to combat them: Program "sdfsdf" (lsass.exe) appears on shutdown

21.07.2010, 14:34   #1
buenavista62
 



Hi everyone,

Whenever I try to shut down the PC, a small window appears with the number "2" and the title "sdfsdf". I found out that it comes from lsass.exe.

I know roughly what lsass.exe is. So I first checked whether a virus might have sneaked in. I found lsass.exe, as standard, in the windows32 folder and three more copies of lsass.exe somewhere deep in the winsxs folder.

It can't be a virus, because I have only had the PC (laptop) for one day and have only downloaded an antivirus program and Windows Live Messenger. My cousin even set the laptop up fresh for me.

The problem itself isn't that bad, because I can click Close without anything happening. Windows then shuts down normally. Still, it is a bit annoying.

Thanks in advance for your answers.

EDIT: If anyone is annoyed that I haven't run Malware Anti-Bytes, OTL and so on, please don't get me wrong. The PC is brand new, and last night I ran a full system scan with Avira.

Edited by buenavista62 (21.07.2010 at 15:00)

22.07.2010, 16:39   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop.
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

22.07.2010, 18:17   #3
buenavista62
 



Thanks for your answer.

Lo and behold, infected objects were found. Should I delete the files?
malwarebytes
Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4338

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.07.2010 18:14:03
mbam-log-2010-07-22 (18-14-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 269078
Laufzeit: 42 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
C:\Users\Ates\AppData\Roaming\lsass.exe (Trojan.Delf) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Delf) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Delf) -> Data: c:\users\ates\appdata\roaming\lsass.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\Users\Ates\AppData\Roaming\lsass.exe") Good: (Explorer.exe) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Ates\AppData\Roaming\lsass.exe (Trojan.Delf) -> No action taken.

The two OTL log files.
OTL Logfile:
Code:
OTL logfile created on: 7/22/2010 6:08:36 PM - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Ates\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.71 Gb Total Space | 183.01 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
Drive D: | 9.37 Gb Total Space | 9.30 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ATES-PC
Current User Name: Ates
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ates\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
PRC - C:\Users\Ates\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Ates\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 F3 E4 CB 75 28 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSWUpdate] C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSWUpdate] C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.103 194.230.1.39
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\Users\Ates\AppData\Roaming\lsass.exe") - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/22 17:26:17 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Canneverbe Limited
[2010/07/22 17:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010/07/22 17:05:04 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Malwarebytes
[2010/07/22 17:04:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/22 17:04:47 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/22 17:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/22 17:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/22 17:03:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Ates\Desktop\OTL.exe
[2010/07/22 01:09:41 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010/07/21 15:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/07/21 15:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010/07/21 13:06:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/07/21 12:18:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/21 12:16:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/21 10:35:17 | 000,000,000 | ---D | C] -- C:\Users\Ates\Documents\Meine empfangenen Dateien
[2010/07/21 09:53:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/07/21 09:53:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/21 06:09:14 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Avira
[2010/07/21 06:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/07/21 05:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/07/21 05:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/07/21 05:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/07/21 05:28:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010/07/21 05:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/07/21 05:25:34 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Microsoft Help
[2010/07/21 05:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/07/21 05:24:25 | 000,000,000 | ---D | C] -- C:\Users\Ates\Tracing
[2010/07/21 05:22:23 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\WinRAR
[2010/07/21 05:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/07/21 05:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/07/21 05:15:04 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\DAEMON Tools Lite
[2010/07/21 05:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/07/21 05:10:39 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Diagnostics
[2010/07/21 05:08:50 | 000,462,849 | -HS- | C] (YBhiz) -- C:\Users\Ates\AppData\Roaming\lsass.exe
[2010/07/21 05:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/07/21 04:59:44 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\uTorrent
[2010/07/21 04:54:45 | 000,000,000 | ---D | C] -- C:\Users\Ates\Desktop\Sercan
[2010/07/21 04:39:07 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2010/07/21 04:39:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2010/07/21 04:38:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2010/07/21 04:38:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2010/07/21 04:38:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2010/07/21 04:32:56 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
[2010/07/21 04:32:56 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
[2010/07/21 04:32:55 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
[2010/07/21 04:32:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
[2010/07/21 04:32:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
[2010/07/21 04:32:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
[2010/07/21 04:32:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui
[2010/07/21 04:32:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui
[2010/07/21 04:32:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui
[2010/07/21 04:32:43 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui
[2010/07/21 04:32:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui
[2010/07/21 04:32:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui
[2010/07/21 04:32:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui
[2010/07/21 04:32:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui
[2010/07/21 04:32:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui
[2010/07/21 04:32:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui
[2010/07/21 04:32:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui
[2010/07/21 04:32:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui
[2010/07/21 04:32:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui
[2010/07/21 04:32:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui
[2010/07/21 04:32:36 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui
[2010/07/21 04:32:36 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui
[2010/07/21 04:32:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui
[2010/07/21 04:32:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui
[2010/07/21 04:32:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui
[2010/07/21 04:32:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui
[2010/07/21 04:32:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui
[2010/07/21 04:32:33 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui
[2010/07/21 04:32:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui
[2010/07/21 04:32:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui
[2010/07/21 04:32:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui
[2010/07/21 04:32:31 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui
[2010/07/21 04:32:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui
[2010/07/21 04:32:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui
[2010/07/21 04:32:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui
[2010/07/21 04:32:26 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui
[2010/07/21 04:32:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui
[2010/07/21 04:32:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui
[2010/07/21 04:32:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui
[2010/07/21 04:32:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui
[2010/07/21 04:32:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui
[2010/07/21 04:32:14 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui
[2010/07/21 04:32:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui
[2010/07/21 04:32:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui
[2010/07/21 04:32:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui
[2010/07/21 04:32:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui
[2010/07/21 04:32:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui
[2010/07/21 04:31:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui
[2010/07/21 04:31:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui
[2010/07/21 04:31:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui
[2010/07/21 04:31:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui
[2010/07/21 04:31:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui
[2010/07/21 04:31:40 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2010/07/21 04:31:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui
[2010/07/21 04:31:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui
[2010/07/21 04:31:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui
[2010/07/21 04:31:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui
[2010/07/21 04:31:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2010/07/21 04:31:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui
[2010/07/21 04:31:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui
[2010/07/21 04:31:39 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui
[2010/07/21 04:31:39 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui
[2010/07/21 04:31:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui
[2010/07/21 04:31:39 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui
[2010/07/21 04:31:39 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui
[2010/07/21 04:27:40 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/07/21 04:27:40 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/07/21 04:27:40 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/07/21 04:27:40 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/07/21 04:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/07/21 04:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/07/21 04:26:13 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Google
[2010/07/21 04:25:27 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Macromedia
[2010/07/21 04:25:27 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Adobe
[2010/07/21 04:25:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/07/21 04:18:03 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Apps
[2010/07/21 04:18:02 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Deployment
[2010/07/21 04:09:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/07/21 04:09:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/07/21 04:09:30 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/07/21 04:09:29 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/07/21 04:09:29 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/07/21 04:09:29 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/07/21 04:09:29 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/07/21 04:09:29 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/07/21 04:09:00 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010/07/21 04:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/21 04:07:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/07/21 04:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/07/21 04:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/07/21 04:04:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/21 03:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/07/21 03:57:02 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/07/21 03:57:02 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/07/21 03:57:01 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/07/21 03:56:54 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/07/21 03:56:53 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/07/21 03:56:52 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/07/21 03:56:52 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/07/21 03:56:51 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/07/21 03:56:51 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/07/21 03:56:44 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/07/21 03:56:44 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/07/21 03:56:44 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/07/21 03:56:44 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/07/21 03:56:43 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/07/21 03:56:43 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/07/21 03:56:43 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/07/21 03:56:43 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/07/21 03:56:43 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/07/21 03:56:43 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/07/21 03:56:43 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/07/21 03:56:43 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/07/21 03:56:43 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/07/21 03:56:43 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/07/21 03:56:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/07/21 03:56:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/07/21 03:56:38 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/07/21 03:56:38 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/07/21 03:56:36 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/07/21 03:56:36 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/07/21 03:56:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/07/21 03:56:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/07/21 03:56:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/07/21 03:56:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/07/21 03:56:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/07/21 03:56:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/07/21 03:56:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/07/21 03:56:19 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/21 03:56:16 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/07/21 03:56:16 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/07/21 03:56:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/07/21 03:56:13 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/07/21 03:56:13 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/07/21 03:56:13 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/07/21 03:56:13 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/07/21 03:56:13 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/07/21 03:56:13 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/07/21 03:56:07 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/07/21 03:56:07 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/07/21 03:56:07 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/07/21 03:56:07 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/07/21 03:56:05 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/07/21 03:56:05 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/07/21 03:56:04 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/07/21 03:55:59 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/07/21 03:55:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/07/21 03:55:55 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/07/21 03:55:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/07/21 03:55:49 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/07/21 03:55:49 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/07/21 03:55:49 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/07/21 03:55:49 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/07/21 03:55:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/07/21 03:55:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/07/21 03:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/07/21 03:45:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/07/21 03:44:51 | 000,637,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2010/07/21 03:43:36 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/07/21 03:43:36 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/07/21 03:43:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/07/21 03:43:35 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/07/21 03:39:44 | 000,000,000 | R--D | C] -- C:\Users\Ates\Searches
[2010/07/21 03:39:44 | 000,000,000 | -H-D | C] -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/21 03:39:31 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Identities
[2010/07/21 03:39:22 | 000,000,000 | R--D | C] -- C:\Users\Ates\Contacts
[2010/07/21 03:39:20 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\VirtualStore
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\Temporary Internet Files
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Templates
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Start Menu
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\SendTo
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Recent
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\PrintHood
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\NetHood
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Videos
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Pictures
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Music
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\My Documents
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Local Settings
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\History
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Cookies
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Application Data
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\Application Data
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Temp
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Microsoft
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Media Center Programs
[2010/07/21 03:39:05 | 000,000,000 | --SD | C] -- C:\Users\Ates\AppData\Roaming\Microsoft
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Videos
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Saved Games
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Pictures
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Music
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Links
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Favorites
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Downloads
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Documents
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Desktop
[2010/07/21 03:39:05 | 000,000,000 | -H-D | C] -- C:\Users\Ates\AppData
[2010/07/20 15:48:32 | 000,000,000 | ---D | C] -- C:\Qt
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/22 18:08:39 | 001,048,576 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT
[2010/07/22 17:33:39 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 17:33:39 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 17:24:26 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/22 17:24:26 | 000,641,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010/07/22 17:24:26 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/22 17:24:26 | 000,126,062 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010/07/22 17:24:26 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/22 17:03:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ates\Desktop\OTL.exe
[2010/07/22 16:19:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/22 11:33:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/22 11:33:26 | 3219,812,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 11:23:55 | 001,808,165 | -H-- | M] () -- C:\Users\Ates\AppData\Local\IconCache.db
[2010/07/22 10:06:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/22 01:09:42 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2010/07/22 01:09:42 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2010/07/22 01:09:41 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010/07/22 00:52:49 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe
[2010/07/22 00:51:29 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\vietxgpix.exe
[2010/07/22 00:45:51 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\wogwaoogy.exe
[2010/07/22 00:44:14 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\obsutgyoc.exe
[2010/07/22 00:37:12 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\hjtoqokki.exe
[2010/07/22 00:35:43 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\blcoahjjc.exe
[2010/07/22 00:30:03 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe
[2010/07/22 00:29:14 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\upwnvajiw.exe
[2010/07/21 13:06:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/21 12:20:44 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/21 12:20:44 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/07/21 09:59:50 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/21 06:01:09 | 000,108,840 | ---- | M] () -- C:\Users\Ates\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/21 05:30:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/21 05:27:46 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/07/21 05:15:52 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/21 05:09:50 | 000,462,849 | -HS- | M] (YBhiz) -- C:\Users\Ates\AppData\Roaming\lsass.exe
[2010/07/21 04:38:16 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2010/07/21 04:38:16 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2010/07/21 03:57:21 | 000,524,288 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:57:21 | 000,524,288 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:57:21 | 000,065,536 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/21 03:41:04 | 000,001,437 | ---- | M] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 03:39:06 | 000,000,020 | -HS- | M] () -- C:\Users\Ates\ntuser.ini
 
========== Files Created - No Company Name ==========
 
[2010/07/22 10:06:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/22 00:52:49 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe
[2010/07/22 00:51:29 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\vietxgpix.exe
[2010/07/22 00:45:50 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\wogwaoogy.exe
[2010/07/22 00:44:14 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\obsutgyoc.exe
[2010/07/22 00:37:12 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\hjtoqokki.exe
[2010/07/22 00:35:43 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\blcoahjjc.exe
[2010/07/22 00:30:03 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe
[2010/07/22 00:29:13 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\upwnvajiw.exe
[2010/07/21 15:35:48 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/07/21 15:35:48 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2010/07/21 12:15:06 | 3219,812,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/21 05:30:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/21 05:15:52 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/21 04:40:08 | 000,641,706 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2010/07/21 04:40:08 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2010/07/21 04:40:08 | 000,126,062 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2010/07/21 04:40:08 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2010/07/21 03:41:04 | 000,001,437 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 03:39:06 | 000,524,288 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:39:06 | 000,524,288 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:39:06 | 000,262,144 | -HS- | C] () -- C:\Users\Ates\ntuser.dat.LOG1
[2010/07/21 03:39:06 | 000,065,536 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/21 03:39:06 | 000,000,290 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/21 03:39:06 | 000,000,272 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/21 03:39:06 | 000,000,020 | -HS- | C] () -- C:\Users\Ates\ntuser.ini
[2010/07/21 03:39:06 | 000,000,000 | -HS- | C] () -- C:\Users\Ates\ntuser.dat.LOG2
[2010/07/21 03:39:05 | 001,048,576 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 7/22/2010 6:08:36 PM - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Ates\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.71 Gb Total Space | 183.01 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
Drive D: | 9.37 Gb Total Space | 9.30 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ATES-PC
Current User Name: Ates
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Ates\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 7/20/2010 11:15:27 PM | Computer Name = Ates-PC | Source = VSS | ID = 8194
Description = 
 
Error - 7/20/2010 11:30:36 PM | Computer Name = Ates-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".
Die
 abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 7/21/2010 11:43:09 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8209
Description = Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt
 für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f.
 
Error - 7/21/2010 11:43:09 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8208
Description = Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4A2)
 für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.
 
Error - 7/21/2010 7:14:06 PM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/21/2010 7:14:06 PM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 7/22/2010 3:58:17 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/22/2010 3:58:17 AM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 7/22/2010 5:42:41 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/22/2010 5:42:41 AM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
[ System Events ]
Error - 7/21/2010 1:32:06 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:32:52 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:32:53 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:35:18 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 7/21/2010 1:37:09 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:37:12 PM | Computer Name = Ates-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{F413484F-0454-4B7F-9D9B-03550CF756AE} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 7/21/2010 1:37:12 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:41:35 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 7/21/2010 7:02:42 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 7/21/2010 7:12:42 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >
         
--- --- ---


This is getting pretty tedious by now, almost unbelievable. It's really stressing me out.
__________________

Alt 22.07.2010, 19:10   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Yes, please delete everything. Then reboot and create new OTL logs, since MBAM has changed the system.

Edit: You can go ahead and run the fix already:
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
PRC - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O4 - HKCU..\Run: [MSWUpdate] C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O20 - HKLM Winlogon: Shell - ("C:\Users\Ates\AppData\Roaming\lsass.exe") - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
[2010/07/21 05:08:50 | 000,462,849 | -HS- | C] (YBhiz) -- C:\Users\Ates\AppData\Roaming\lsass.exe
[2010/07/22 00:52:49 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe
[2010/07/22 00:51:29 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\vietxgpix.exe
[2010/07/22 00:45:51 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\wogwaoogy.exe
[2010/07/22 00:44:14 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\obsutgyoc.exe
[2010/07/22 00:37:12 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\hjtoqokki.exe
[2010/07/22 00:35:43 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\blcoahjjc.exe
[2010/07/22 00:30:03 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe
[2010/07/22 00:29:14 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\upwnvajiw.exe
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Edited by cosinus (22.07.2010 at 19:15)
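The entries selected for the fix above share traits that can be checked mechanically: a file named like the system process lsass.exe sitting in a user profile, a Run value and the Winlogon Shell value pointing at it, and executables dropped directly into AppData\Roaming. The Python sketch below is an added example, not part of the thread or of OTL; the rule set, the list of system-process names and all function names are assumptions, and the sample lines are copied from the logs quoted in this thread.

```python
import re
from pathlib import PureWindowsPath

# Lines copied from the OTL output quoted in this thread (fix script in
# post #4 and the follow-up log in post #5), mixed benign and suspicious.
SAMPLE_LOG = r"""
PRC - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
O4 - HKCU..\Run: [MSWUpdate] C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O20 - HKLM Winlogon: Shell - ("C:\Users\Ates\AppData\Roaming\lsass.exe") - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
[2010/07/22 00:52:49 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe
[2010/07/22 17:03:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Ates\Desktop\OTL.exe
"""

# Assumption: a short, non-exhaustive list of names that belong under %SystemRoot%.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe"}

# Drive-letter path ending in a binary extension; paths may contain "(x86)".
PATH_RE = re.compile(r'[A-Za-z]:\\[^"|\[\]]*?\.(?:exe|dll|sys)\b', re.I)
# OTL "O20" Winlogon Shell line, with or without the ":64bit:" suffix.
WINLOGON_SHELL_RE = re.compile(r'^O20\S* - HKLM Winlogon: Shell\b')
# OTL file listing: [timestamp | size | attributes | C/M] (company) -- path
FILE_RE = re.compile(r'^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|')


def in_windows_dir(path):
    """True if the path lies under <drive>:\\Windows (the log's %SystemRoot%)."""
    parts = path.parts
    return len(parts) > 1 and parts[1].lower() == "windows"


def in_roaming_root(path):
    """True if the file sits directly in ...\\AppData\\Roaming, not a subfolder."""
    parent = path.parent
    return (parent.name.lower() == "roaming"
            and parent.parent.name.lower() == "appdata")


def analyze(log_text):
    """Return [(path, [reasons])] for OTL lines matching the heuristics."""
    findings = []
    for line in log_text.splitlines():
        paths = PATH_RE.findall(line)
        if not paths:
            continue
        # The resolved file path is the last path on an OTL line.
        path = PureWindowsPath(paths[-1])
        name = path.name.lower()
        reasons = []

        if name in SYSTEM_NAMES and not in_windows_dir(path):
            reasons.append("system-process name outside %SystemRoot%")
        if WINLOGON_SHELL_RE.search(line) and name != "explorer.exe":
            reasons.append("Winlogon Shell is not explorer.exe")
        if line.startswith("O4") and in_roaming_root(path):
            reasons.append("Run key starts a binary from the AppData\\Roaming root")

        listing = FILE_RE.match(line)
        if listing and name.endswith(".exe") and in_roaming_root(path):
            size = int(listing.group("size").replace(",", ""))
            if size == 0:
                reasons.append("zero-byte .exe in the AppData\\Roaming root")
            else:
                reasons.append(".exe dropped in the AppData\\Roaming root")

        if reasons:
            findings.append((str(path), reasons))
    return findings


if __name__ == "__main__":
    for flagged_path, why in analyze(SAMPLE_LOG):
        print(flagged_path)
        for reason in why:
            print("   -", reason)
```

A hit from these heuristics is a reason to look closer (file signature, hash lookup, creation time against the install history), not a verdict on its own.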

Alt 22.07.2010, 19:22   #5
buenavista62
 



Here you go.
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 7/22/2010 7:15:07 PM - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Ates\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.71 Gb Total Space | 182.03 Gb Free Space | 63.05% Space Free | Partition Type: NTFS
Drive D: | 9.37 Gb Total Space | 9.30 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ATES-PC
Current User Name: Ates
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ates\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ates\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Ates\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 F3 E4 CB 75 28 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.103 194.230.1.39
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/22 17:26:17 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Canneverbe Limited
[2010/07/22 17:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010/07/22 17:05:04 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Malwarebytes
[2010/07/22 17:04:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/22 17:04:47 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/22 17:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/22 17:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/22 17:03:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Ates\Desktop\OTL.exe
[2010/07/22 01:09:41 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010/07/21 15:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/07/21 15:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010/07/21 13:06:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/07/21 12:18:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/21 12:16:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/21 10:35:17 | 000,000,000 | ---D | C] -- C:\Users\Ates\Documents\Meine empfangenen Dateien
[2010/07/21 09:53:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/07/21 09:53:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/21 06:09:14 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Avira
[2010/07/21 06:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/07/21 05:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/07/21 05:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/07/21 05:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/07/21 05:28:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010/07/21 05:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/07/21 05:25:34 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Microsoft Help
[2010/07/21 05:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/07/21 05:24:25 | 000,000,000 | ---D | C] -- C:\Users\Ates\Tracing
[2010/07/21 05:22:23 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\WinRAR
[2010/07/21 05:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/07/21 05:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/07/21 05:15:04 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\DAEMON Tools Lite
[2010/07/21 05:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/07/21 05:10:39 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Diagnostics
[2010/07/21 05:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/07/21 04:59:44 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\uTorrent
[2010/07/21 04:54:45 | 000,000,000 | ---D | C] -- C:\Users\Ates\Desktop\Sercan
[2010/07/21 04:39:07 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2010/07/21 04:39:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2010/07/21 04:38:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2010/07/21 04:38:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2010/07/21 04:38:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2010/07/21 04:32:56 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
[2010/07/21 04:32:56 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
[2010/07/21 04:32:55 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
[2010/07/21 04:32:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
[2010/07/21 04:32:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
[2010/07/21 04:32:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
[2010/07/21 04:32:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui
[2010/07/21 04:32:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui
[2010/07/21 04:32:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui
[2010/07/21 04:32:43 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui
[2010/07/21 04:32:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui
[2010/07/21 04:32:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui
[2010/07/21 04:32:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui
[2010/07/21 04:32:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui
[2010/07/21 04:32:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui
[2010/07/21 04:32:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui
[2010/07/21 04:32:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui
[2010/07/21 04:32:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui
[2010/07/21 04:32:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui
[2010/07/21 04:32:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui
[2010/07/21 04:32:36 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui
[2010/07/21 04:32:36 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui
[2010/07/21 04:32:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui
[2010/07/21 04:32:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui
[2010/07/21 04:32:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui
[2010/07/21 04:32:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui
[2010/07/21 04:32:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui
[2010/07/21 04:32:33 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui
[2010/07/21 04:32:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui
[2010/07/21 04:32:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui
[2010/07/21 04:32:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui
[2010/07/21 04:32:31 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui
[2010/07/21 04:32:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui
[2010/07/21 04:32:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui
[2010/07/21 04:32:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui
[2010/07/21 04:32:26 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui
[2010/07/21 04:32:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui
[2010/07/21 04:32:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui
[2010/07/21 04:32:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui
[2010/07/21 04:32:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui
[2010/07/21 04:32:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui
[2010/07/21 04:32:14 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui
[2010/07/21 04:32:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui
[2010/07/21 04:32:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui
[2010/07/21 04:32:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui
[2010/07/21 04:32:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui
[2010/07/21 04:32:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui
[2010/07/21 04:31:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui
[2010/07/21 04:31:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui
[2010/07/21 04:31:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui
[2010/07/21 04:31:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui
[2010/07/21 04:31:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui
[2010/07/21 04:31:40 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2010/07/21 04:31:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui
[2010/07/21 04:31:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui
[2010/07/21 04:31:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui
[2010/07/21 04:31:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui
[2010/07/21 04:31:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2010/07/21 04:31:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui
[2010/07/21 04:31:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui
[2010/07/21 04:31:39 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui
[2010/07/21 04:31:39 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui
[2010/07/21 04:31:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui
[2010/07/21 04:31:39 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui
[2010/07/21 04:31:39 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui
[2010/07/21 04:27:40 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/07/21 04:27:40 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/07/21 04:27:40 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/07/21 04:27:40 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/07/21 04:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/07/21 04:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/07/21 04:26:13 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Google
[2010/07/21 04:25:27 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Macromedia
[2010/07/21 04:25:27 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Adobe
[2010/07/21 04:25:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/07/21 04:18:03 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Apps
[2010/07/21 04:18:02 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Deployment
[2010/07/21 04:09:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/07/21 04:09:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/07/21 04:09:30 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/07/21 04:09:29 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/07/21 04:09:29 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/07/21 04:09:29 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/07/21 04:09:29 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/07/21 04:09:29 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/07/21 04:09:00 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010/07/21 04:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/21 04:07:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/07/21 04:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/07/21 04:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/07/21 04:04:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/21 03:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/07/21 03:57:02 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/07/21 03:57:02 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/07/21 03:57:01 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/07/21 03:56:54 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/07/21 03:56:53 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/07/21 03:56:52 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/07/21 03:56:52 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/07/21 03:56:51 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/07/21 03:56:51 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/07/21 03:56:44 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/07/21 03:56:44 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/07/21 03:56:44 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/07/21 03:56:44 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/07/21 03:56:43 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/07/21 03:56:43 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/07/21 03:56:43 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/07/21 03:56:43 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/07/21 03:56:43 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/07/21 03:56:43 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/07/21 03:56:43 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/07/21 03:56:43 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/07/21 03:56:43 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/07/21 03:56:43 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/07/21 03:56:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/07/21 03:56:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/07/21 03:56:38 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/07/21 03:56:38 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/07/21 03:56:36 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/07/21 03:56:36 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/07/21 03:56:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/07/21 03:56:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/07/21 03:56:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/07/21 03:56:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/07/21 03:56:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/07/21 03:56:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/07/21 03:56:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/07/21 03:56:19 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/21 03:56:16 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/07/21 03:56:16 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/07/21 03:56:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/07/21 03:56:13 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/07/21 03:56:13 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/07/21 03:56:13 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/07/21 03:56:13 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/07/21 03:56:13 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/07/21 03:56:13 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/07/21 03:56:07 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/07/21 03:56:07 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/07/21 03:56:07 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/07/21 03:56:07 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/07/21 03:56:05 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/07/21 03:56:05 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/07/21 03:56:04 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/07/21 03:55:59 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/07/21 03:55:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/07/21 03:55:55 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/07/21 03:55:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/07/21 03:55:49 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/07/21 03:55:49 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/07/21 03:55:49 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/07/21 03:55:49 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/07/21 03:55:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/07/21 03:55:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/07/21 03:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/07/21 03:45:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/07/21 03:44:51 | 000,637,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2010/07/21 03:43:36 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/07/21 03:43:36 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/07/21 03:43:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/07/21 03:43:35 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/07/21 03:39:44 | 000,000,000 | R--D | C] -- C:\Users\Ates\Searches
[2010/07/21 03:39:44 | 000,000,000 | -H-D | C] -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/21 03:39:31 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Identities
[2010/07/21 03:39:22 | 000,000,000 | R--D | C] -- C:\Users\Ates\Contacts
[2010/07/21 03:39:20 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\VirtualStore
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\Temporary Internet Files
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Templates
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Start Menu
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\SendTo
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Recent
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\PrintHood
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\NetHood
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Videos
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Pictures
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Music
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\My Documents
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Local Settings
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\History
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Cookies
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Application Data
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\Application Data
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Temp
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Microsoft
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Media Center Programs
[2010/07/21 03:39:05 | 000,000,000 | --SD | C] -- C:\Users\Ates\AppData\Roaming\Microsoft
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Videos
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Saved Games
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Pictures
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Music
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Links
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Favorites
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Downloads
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Documents
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Desktop
[2010/07/21 03:39:05 | 000,000,000 | -H-D | C] -- C:\Users\Ates\AppData
[2010/07/20 15:48:32 | 000,000,000 | ---D | C] -- C:\Qt
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/22 19:12:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/22 19:12:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/22 19:12:41 | 3219,812,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 19:11:46 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 19:11:46 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 19:11:41 | 001,048,576 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT
[2010/07/22 19:11:39 | 002,715,276 | -H-- | M] () -- C:\Users\Ates\AppData\Local\IconCache.db
[2010/07/22 18:34:48 | 001,512,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/22 18:34:48 | 000,652,006 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010/07/22 18:34:48 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/22 18:34:48 | 000,129,674 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010/07/22 18:34:48 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/22 17:03:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ates\Desktop\OTL.exe
[2010/07/22 10:06:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/22 01:09:42 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2010/07/22 01:09:42 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2010/07/22 01:09:41 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010/07/22 00:52:49 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe
[2010/07/22 00:51:29 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\vietxgpix.exe
[2010/07/22 00:45:51 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\wogwaoogy.exe
[2010/07/22 00:44:14 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\obsutgyoc.exe
[2010/07/22 00:37:12 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\hjtoqokki.exe
[2010/07/22 00:35:43 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\blcoahjjc.exe
[2010/07/22 00:30:03 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe
[2010/07/22 00:29:14 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\upwnvajiw.exe
[2010/07/21 13:06:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/21 12:20:44 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/21 12:20:44 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/07/21 09:59:50 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/21 06:01:09 | 000,108,840 | ---- | M] () -- C:\Users\Ates\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/21 05:30:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/21 05:27:46 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/07/21 05:15:52 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/21 04:38:16 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2010/07/21 04:38:16 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2010/07/21 03:57:21 | 000,524,288 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:57:21 | 000,524,288 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:57:21 | 000,065,536 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/21 03:41:04 | 000,001,437 | ---- | M] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 03:39:06 | 000,000,020 | -HS- | M] () -- C:\Users\Ates\ntuser.ini
 
========== Files Created - No Company Name ==========
 
[2010/07/22 10:06:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/22 00:52:49 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe
[2010/07/22 00:51:29 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\vietxgpix.exe
[2010/07/22 00:45:50 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\wogwaoogy.exe
[2010/07/22 00:44:14 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\obsutgyoc.exe
[2010/07/22 00:37:12 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\hjtoqokki.exe
[2010/07/22 00:35:43 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\blcoahjjc.exe
[2010/07/22 00:30:03 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe
[2010/07/22 00:29:13 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\upwnvajiw.exe
[2010/07/21 15:35:48 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/07/21 15:35:48 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2010/07/21 12:15:06 | 3219,812,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/21 05:30:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/21 05:15:52 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/21 04:40:08 | 000,652,006 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2010/07/21 04:40:08 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2010/07/21 04:40:08 | 000,129,674 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2010/07/21 04:40:08 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2010/07/21 03:41:04 | 000,001,437 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 03:39:06 | 000,524,288 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:39:06 | 000,524,288 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:39:06 | 000,262,144 | -HS- | C] () -- C:\Users\Ates\ntuser.dat.LOG1
[2010/07/21 03:39:06 | 000,065,536 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/21 03:39:06 | 000,000,290 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/21 03:39:06 | 000,000,272 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/21 03:39:06 | 000,000,020 | -HS- | C] () -- C:\Users\Ates\ntuser.ini
[2010/07/21 03:39:06 | 000,000,000 | -HS- | C] () -- C:\Users\Ates\ntuser.dat.LOG2
[2010/07/21 03:39:05 | 001,048,576 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 7/22/2010 7:15:07 PM - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Ates\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.71 Gb Total Space | 182.03 Gb Free Space | 63.05% Space Free | Partition Type: NTFS
Drive D: | 9.37 Gb Total Space | 9.30 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ATES-PC
Current User Name: Ates
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Ates\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 7/21/2010 11:43:09 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8209
Description = Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt
 für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f.
 
Error - 7/21/2010 11:43:09 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8208
Description = Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4A2)
 für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.
 
Error - 7/21/2010 7:14:06 PM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/21/2010 7:14:06 PM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 7/22/2010 3:58:17 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/22/2010 3:58:17 AM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 7/22/2010 5:42:41 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/22/2010 5:42:41 AM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 7/22/2010 1:13:05 PM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/22/2010 1:13:05 PM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
[ System Events ]
Error - 7/21/2010 1:32:06 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:32:52 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:32:53 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:35:18 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 7/21/2010 1:37:09 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:37:12 PM | Computer Name = Ates-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{F413484F-0454-4B7F-9D9B-03550CF756AE} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 7/21/2010 1:37:12 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:41:35 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 7/21/2010 7:02:42 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 7/21/2010 7:12:42 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >
         
--- --- ---

Fix Log.
Quote:
All processes killed
========== OTL ==========
No active process named lsass.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSWUpdate not found.
File C:\Users\Ates\AppData\Roaming\lsass.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\Ates\AppData\Roaming\lsass.exe" deleted successfully.
File C:\Users\Ates\AppData\Roaming\lsass.exe not found.
File C:\Users\Ates\AppData\Roaming\lsass.exe not found.
C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe moved successfully.
C:\Users\Ates\AppData\Roaming\vietxgpix.exe moved successfully.
C:\Users\Ates\AppData\Roaming\wogwaoogy.exe moved successfully.
C:\Users\Ates\AppData\Roaming\obsutgyoc.exe moved successfully.
C:\Users\Ates\AppData\Roaming\hjtoqokki.exe moved successfully.
C:\Users\Ates\AppData\Roaming\blcoahjjc.exe moved successfully.
C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe moved successfully.
C:\Users\Ates\AppData\Roaming\upwnvajiw.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Ates
->Temp folder emptied: 314210841 bytes
->Temporary Internet Files folder emptied: 3268046 bytes
->Google Chrome cache emptied: 349516199 bytes
->Flash cache emptied: 2069 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11339589 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 543874 bytes

Total Files Cleaned = 648.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07222010_192848

Files\Folders moved on Reboot...
C:\Users\Ates\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...


Edited by buenavista62 (22.07.2010 at 19:33)

22.07.2010, 20:16   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Did you create the new logs first, or run the OTL fix first?

22.07.2010, 23:05   #7
buenavista62

First I created the new logs, then I restarted, and after that I ran the fix. I hope that was the right way to do it.

22.07.2010, 23:36   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

23.07.2010, 01:36   #9
buenavista62

Here you go.
Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4339

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.07.2010 00:21:40
mbam-log-2010-07-23 (00-21-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 268960
Laufzeit: 41 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Quote:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/23/2010 at 01:33 AM

Application Version : 4.41.1000

Core Rules Database Version : 5250
Trace Rules Database Version: 3062

Scan type : Complete Scan
Total Scan Time : 01:10:38

Memory items scanned : 577
Memory threats detected : 0
Registry items scanned : 12844
Registry threats detected : 0
File items scanned : 147141
File threats detected : 7

Adware.Tracking Cookie
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@atdmt[1].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@mediaplex[2].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@serving-sys[1].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@adserver.devaki[1].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@bs.serving-sys[1].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@apmebf[1].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@adfarm1.adition[2].txt
