
Pests of all kinds and how to combat them: Huge amounts of upload -> virus/trojan?


13.04.2011, 08:14   #1
BalloS

Huge amounts of upload -> virus/trojan?



Hi,

I'm really getting desperate at the moment. Since yesterday I've noticed that my PC is pretty much constantly uploading large amounts of data to the Internet.

From about 5:50 this morning until now, about 9:00, I have already uploaded 927 MB of data but received only 219 MB.

I am connected to my PC remotely from work, so I'm well aware that it naturally has to send data to me at the office. However, I have been doing this for months, and on average about 10 gigabytes of data were sent per month.

With yesterday and today I'm already at 7 gigabytes sent, and yesterday I wasn't on the machine remotely at all. Unfortunately I simply can't find out what kind of data is being transferred, which program is transferring so much data, and above all where to??

I noticed this yesterday because the Fritz Box had to restart about every 30 minutes, as too many connections were being established. I know this from the P2P days, when eMule or torrents opened that many connections. But that hasn't been the case for ages.
The many restarts are what led me to discover that so much data is being transferred.

I have already done the following:

ran a complete system scan for viruses -> no result
looked at the traffic with Wireshark -> means nothing to me
ran load.exe and attached the two log files


I hope someone here still has an idea what this could be and how I can stop it.


PS: In the time it took me to write this post, another 20 MB were uploaded.

13.04.2011, 11:18   #2
BalloS



Since it occurred to me afterwards that probably nobody would download the log files, I'm posting them again this way.

Sorry for the double post.

OTL Log
Code:
OTL logfile created on: 13.04.2011 08:49:20 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\BalloS\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 76,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,89 Gb Total Space | 38,69 Gb Free Space | 39,53% Space Free | Partition Type: NTFS
Drive D: | 1299,37 Gb Total Space | 1119,01 Gb Free Space | 86,12% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 1188,09 Gb Free Space | 85,03% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 420,41 Gb Free Space | 30,09% Space Free | Partition Type: NTFS
Drive J: | 14,73 Gb Total Space | 14,64 Gb Free Space | 99,40% Space Free | Partition Type: NTFS
Drive K: | 3,92 Gb Total Space | 3,74 Gb Free Space | 95,50% Space Free | Partition Type: NTFS
 
Computer Name: BALLOS-PC | User Name: BalloS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.13 08:43:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\BalloS\Desktop\OTL.exe
PRC - [2011.04.11 22:15:04 | 001,613,984 | ---- | M] (Argotronic UG (haftungsbeschraenkt)) -- C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe
PRC - [2011.03.24 06:08:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.03.16 19:30:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.01 16:47:56 | 007,832,440 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
PRC - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.14 07:53:50 | 001,412,488 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe
PRC - [2011.01.14 07:53:48 | 002,942,856 | ---- | M] (Hagel Technologies Ltd.) -- C:\PROGRA~2\DU Meter\DUMeter.exe
PRC - [2011.01.04 12:49:59 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe
PRC - [2010.11.04 20:50:17 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.04 20:50:17 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.10.25 16:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
PRC - [2010.09.03 12:35:34 | 001,406,248 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
PRC - [2010.07.12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.04.21 19:05:20 | 000,161,136 | ---- | M] (Famatech Corp.) -- C:\Windows\SysWOW64\rserver30\FamItrfc.Exe
PRC - [2010.04.21 07:02:02 | 001,242,480 | ---- | M] (Famatech Corp.) -- C:\Windows\SysWOW64\rserver30\rserver3.exe
PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010.03.17 12:05:40 | 000,264,704 | ---- | M] () -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe
PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.11.19 18:43:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Razer\Copperhead\razerhid.exe
PRC - [2009.11.16 13:25:32 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Razer\Copperhead\razertra.exe
PRC - [2007.12.11 14:00:00 | 000,692,808 | ---- | M] (Mirko Böer) -- C:\Program Files (x86)\TrafficMonitor\TMPacketServiceInit.exe
PRC - [2007.05.07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe
PRC - [2007.03.05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe
PRC - [2007.01.24 15:57:14 | 000,897,024 | ---- | M] (Rhino Software, Inc. +1(262) 560-9627) -- C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUDaemon.exe
PRC - [2007.01.09 09:48:58 | 000,147,456 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\Copperhead\razerofa.exe
PRC - [1999.09.30 22:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.13 08:43:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\BalloS\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.05 04:57:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.04 23:07:10 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV:64bit: - [2010.06.14 12:28:50 | 002,069,880 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.03.16 19:30:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.01.14 07:53:50 | 001,412,488 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2010.11.04 20:50:17 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.04.21 07:02:02 | 001,242,480 | ---- | M] (Famatech Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rserver30\RServer3.exe -- (RServer3)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.17 12:05:42 | 000,039,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.07.16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.12.11 14:00:00 | 000,692,808 | ---- | M] (Mirko Böer) [Auto | Running] -- C:\Program Files (x86)\TrafficMonitor\TMPacketServiceInit.exe -- (TMPService)
SRV - [2007.01.24 15:57:14 | 000,897,024 | ---- | M] (Rhino Software, Inc. +1(262) 560-9627) [Auto | Running] -- C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUDaemon.exe -- (Serv-U)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.01.05 05:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.01.05 04:19:38 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.11.22 14:25:45 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.10.09 15:34:16 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.04 22:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.06.14 12:17:04 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:64bit: - [2010.04.21 07:02:00 | 000,005,632 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rminiv3.sys -- (mirrorv3)
DRV:64bit: - [2010.03.17 12:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.03.17 12:05:40 | 000,038,432 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.11.10 15:50:18 | 000,014,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd)
DRV:64bit: - [2009.10.19 14:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.09.30 09:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.31 11:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.04.11 16:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr)
DRV:64bit: - [2005.10.21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbicp.sys -- (uisp)
DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2011.01.14 07:53:54 | 000,019,088 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\DU Meter\DUMETR64.SYS -- (DUMeterDrv)
DRV - [2010.04.21 07:02:00 | 000,068,680 | ---- | M] (Famatech Corp.) [Kernel | System | Running] -- C:\Windows\SysWOW64\rserver30\raddrvv3.sys -- (raddrvv3)
DRV - [2005.12.21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Usbicp.sys -- (uisp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 7E 89 68 6E 7F CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: bundeskampftoolbar@spielwerk.gmbh:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {B0D70E72-2FC1-4b9f-A3D4-5921C854D906}:1.2
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.01.27 13:39:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 06:08:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 06:08:29 | 000,000,000 | ---D | M]
 
[2010.10.09 17:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BalloS\AppData\Roaming\mozilla\Extensions
[2011.04.12 18:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions
[2011.04.08 08:29:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011.03.12 11:55:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.06 11:08:07 | 000,000,000 | ---D | M] ("Biet-O-Matic Firefox Erweiterung") -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906}
[2011.04.08 08:29:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.03.26 12:25:40 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.10.09 20:11:43 | 000,000,000 | ---D | M] (Bundeskampf Toolbar) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\bundeskampftoolbar@spielwerk.gmbh
[2011.03.09 12:35:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.03.08 16:57:43 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\FasterFox_Lite@BigRedBrent
[2011.04.13 06:07:05 | 000,001,056 | ---- | M] () -- C:\Users\BalloS\AppData\Roaming\Mozilla\Firefox\Profiles\kj9yini8.default\searchplugins\icqplugin.xml
[2011.04.12 18:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.10.30 14:53:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.02.13 11:25:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.01.27 13:39:51 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll
[2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.10.31 11:47:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.31 11:47:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.31 11:47:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.31 11:47:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.31 11:47:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.11.06 15:22:32 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe ()
O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [openvpn-gui] C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [TrafficMonitor] C:\PROGRA~2\TRAFFICMONITOR\TRAFFICMONITOR.EXE (Mirko Böer)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Argus Monitor] C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe (Argotronic UG (haftungsbeschraenkt))
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\install\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Launcher.exe
O33 - MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AUTORUN.exe
O33 - MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\Shell - "" = AutoRun
O33 - MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.13 08:48:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.13 08:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011.04.13 08:47:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2011.04.13 08:42:20 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\BalloS\Desktop\Erunt-setup.exe
[2011.04.13 08:42:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\BalloS\Desktop\OTL.exe
[2011.04.13 08:42:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\BalloS\Desktop\TFC.exe
[2011.04.12 19:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Hagel Technologies
[2011.04.12 19:11:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter
[2011.04.12 19:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DU Meter
[2011.04.12 18:02:27 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\TrafficMonitor
[2011.04.12 18:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TrafficMonitor
[2011.04.12 18:02:24 | 000,330,336 | ---- | C] (Mirko Böer) -- C:\Windows\TraffUn.EXE
[2011.04.12 18:02:24 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrafficMonitor
[2011.04.12 18:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrafficMonitor
[2011.04.12 18:01:44 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\Wireshark
[2011.04.12 17:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2011.04.12 17:51:47 | 000,000,000 | ---D | C] -- C:\Programme\Wireshark
[2011.04.11 10:25:08 | 000,055,456 | ---- | C] (Argotronic UG (haftungsbeschraenkt)) -- C:\Windows\SysWow64\drivers\ArgusMonitor.sys
[2011.04.04 17:40:56 | 000,000,000 | ---D | C] -- C:\Users\BalloS\Documents\Sokoban
[2011.04.04 17:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sokoban
[2011.04.04 17:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BDSokobanYASC
[2011.04.02 13:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetGear
[2011.04.02 13:16:11 | 000,000,000 | ---D | C] -- C:\Users\BalloS\Documents\ProSafe Plus Utility
[2011.04.02 13:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2011.04.02 13:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetGear
[2011.03.27 20:14:34 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Local\Nero_AG
[2011.03.27 20:14:33 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Local\Nero
[2011.03.26 13:27:56 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Local\SKIDROW
[2011.03.22 10:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2011.03.22 10:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2011.03.22 10:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2011.03.22 10:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.03.22 10:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.03.20 14:00:42 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011.03.20 14:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
[2011.03.20 14:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2011.03.20 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub
[2011.03.20 14:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub
[2011.03.20 14:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest
[2011.03.20 14:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK
[2011.03.20 14:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoGK
[2011.03.19 17:44:29 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.03.19 17:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.03.19 17:24:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.03.19 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\BalloS\Desktop\Spiele
[2011.03.19 15:22:04 | 000,000,000 | ---D | C] -- C:\Users\BalloS\Documents\Broken Sword - Director's Cut
[2011.03.19 15:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baphomets Fluch - The Directors Cut
[2011.03.16 10:01:34 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\GHISLER
[2011.03.16 09:27:14 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\Avira
[2011.03.15 19:57:25 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\FastCopy
[2011.03.15 19:57:24 | 000,000,000 | ---D | C] -- C:\Programme\FastCopy
[2011.03.15 19:41:13 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\TeraCopy
[2011.03.15 19:41:10 | 000,000,000 | ---D | C] -- C:\Programme\TeraCopy
[2011.03.15 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
[2011.03.14 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\BalloS\Documents\BattleLA Saves
[2011.03.14 18:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Konami
[2010.02.04 01:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.13 08:51:18 | 001,507,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.13 08:51:18 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.13 08:51:18 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.13 08:51:18 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.13 08:51:18 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.13 08:47:50 | 000,000,924 | ---- | M] () -- C:\Users\BalloS\Desktop\NTREGOPT.lnk
[2011.04.13 08:47:50 | 000,000,905 | ---- | M] () -- C:\Users\BalloS\Desktop\ERUNT.lnk
[2011.04.13 08:45:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.13 08:44:46 | 2146,045,951 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.13 08:43:15 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\BalloS\Desktop\Erunt-setup.exe
[2011.04.13 08:43:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\BalloS\Desktop\OTL.exe
[2011.04.13 08:43:11 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\BalloS\Desktop\TFC.exe
[2011.04.13 08:41:43 | 000,377,280 | ---- | M] () -- C:\Users\BalloS\Desktop\Load.exe
[2011.04.13 08:07:50 | 000,150,700 | ---- | M] () -- C:\Users\BalloS\Documents\cc_20110413_080736.reg
[2011.04.13 08:05:36 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.13 05:51:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.13 05:51:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.12 18:02:24 | 000,002,927 | R--- | M] () -- C:\Windows\TrafficMonitor_Uninstall.in
[2011.04.12 18:02:24 | 000,001,015 | ---- | M] () -- C:\Users\BalloS\Desktop\TrafficMonitor.lnk
[2011.04.11 10:25:08 | 000,055,456 | ---- | M] (Argotronic UG (haftungsbeschraenkt)) -- C:\Windows\SysWow64\drivers\ArgusMonitor.sys
[2011.04.04 17:40:53 | 000,001,039 | ---- | M] () -- C:\Users\BalloS\Desktop\Sokoban YASC.lnk
[2011.04.02 13:26:34 | 000,002,825 | ---- | M] () -- C:\Users\Public\Desktop\ProSafe Plus Utility.lnk
[2011.03.22 10:10:36 | 000,002,995 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2011.03.22 10:10:11 | 000,003,053 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2011.03.22 10:09:44 | 000,002,987 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2011.03.22 10:09:06 | 000,003,197 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2011.03.22 10:08:18 | 000,003,009 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2011.03.20 14:02:17 | 000,000,540 | ---- | M] () -- C:\Users\BalloS\AppData\Roaming\AutoGK.ini
[2011.03.15 19:20:40 | 000,000,079 | ---- | M] () -- C:\Users\BalloS\AppData\Local\CrystalDiskMark30.ini
 
========== Files Created - No Company Name ==========
 
[2011.04.13 08:47:50 | 000,000,924 | ---- | C] () -- C:\Users\BalloS\Desktop\NTREGOPT.lnk
[2011.04.13 08:47:50 | 000,000,905 | ---- | C] () -- C:\Users\BalloS\Desktop\ERUNT.lnk
[2011.04.13 08:41:41 | 000,377,280 | ---- | C] () -- C:\Users\BalloS\Desktop\Load.exe
[2011.04.13 08:07:40 | 000,150,700 | ---- | C] () -- C:\Users\BalloS\Documents\cc_20110413_080736.reg
[2011.04.12 18:02:24 | 000,002,927 | R--- | C] () -- C:\Windows\TrafficMonitor_Uninstall.in
[2011.04.12 18:02:24 | 000,001,015 | ---- | C] () -- C:\Users\BalloS\Desktop\TrafficMonitor.lnk
[2011.04.12 17:52:11 | 000,001,545 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2011.04.04 17:40:53 | 000,001,039 | ---- | C] () -- C:\Users\BalloS\Desktop\Sokoban YASC.lnk
[2011.04.02 13:26:34 | 000,002,825 | ---- | C] () -- C:\Users\Public\Desktop\ProSafe Plus Utility.lnk
[2011.03.22 10:10:36 | 000,002,995 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk
[2011.03.22 10:10:11 | 000,003,053 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk
[2011.03.22 10:09:44 | 000,002,987 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk
[2011.03.22 10:09:06 | 000,003,197 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk
[2011.03.22 10:08:18 | 000,003,009 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk
[2011.03.20 14:02:17 | 000,000,540 | ---- | C] () -- C:\Users\BalloS\AppData\Roaming\AutoGK.ini
[2011.03.19 17:44:29 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2011.03.15 18:45:11 | 000,000,079 | ---- | C] () -- C:\Users\BalloS\AppData\Local\CrystalDiskMark30.ini
[2011.03.13 15:57:53 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.02.14 17:15:45 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe
[2011.02.14 17:15:45 | 000,000,857 | ---- | C] () -- C:\Windows\unins000.dat
[2011.02.12 17:36:42 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.20 17:28:48 | 004,718,592 | ---- | C] () -- C:\Windows\SysWow64\savegame.bin
[2010.12.18 16:15:26 | 000,003,584 | ---- | C] () -- C:\Users\BalloS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.12 18:37:36 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll
[2010.11.06 11:07:33 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010.10.09 22:30:31 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.09 17:32:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.09 15:30:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.09 14:41:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.09.02 01:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.06.23 13:35:52 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.23 13:35:52 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== LOP Check ==========
 
[2011.04.11 10:15:12 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\BOM
[2010.10.30 15:06:05 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\DAEMON Tools Lite
[2010.11.01 19:48:54 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\DAEMON Tools Pro
[2011.01.26 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\elsterformular
[2011.03.15 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\FastCopy
[2011.02.14 17:15:45 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Flatcast
[2011.03.16 10:08:11 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\GHISLER
[2011.02.13 01:16:08 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\ICQ
[2010.11.09 11:00:00 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\LEAPS
[2010.11.09 10:59:05 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Pegasys Inc
[2010.11.14 04:42:48 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Promixis
[2011.01.19 10:36:03 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Radmin
[2011.04.12 21:03:49 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\TeraCopy
[2011.04.12 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\TrafficMonitor
[2010.11.07 16:21:44 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Win7codecs
[2011.04.12 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Wireshark
[2010.11.26 09:20:58 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Xilisoft
[2011.03.23 19:22:02 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.10.23 13:02:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.10.09 15:22:20 | 000,000,000 | ---D | M] -- C:\ATI
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.09 14:31:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.10.09 21:58:32 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.04.12 17:51:47 | 000,000,000 | R--D | M] -- C:\Programme
[2011.04.13 08:47:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.04.12 19:11:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.10.09 14:31:48 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.10.09 14:31:48 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.04.13 08:50:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.03.22 11:16:00 | 000,000,000 | ---D | M] -- C:\TEMP
[2010.10.09 14:32:27 | 000,000,000 | R--D | M] -- C:\Users
[2011.04.13 08:48:27 | 000,000,000 | ---D | M] -- C:\Windows
[2010.11.30 20:27:09 | 000,000,000 | ---D | M] -- C:\WinSetupFromUSB
[2009.12.20 01:00:00 | 000,000,000 | ---D | M] -- C:\xampp
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 76 bytes -> C:\Users\BalloS\Documents\Bewerbungen:Roxio EMC Stream
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:319E7F0B

< End of report >
         

Extras Log
Code:
OTL Extras logfile created on: 13.04.2011 08:49:20 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\BalloS\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 76,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,89 Gb Total Space | 38,69 Gb Free Space | 39,53% Space Free | Partition Type: NTFS
Drive D: | 1299,37 Gb Total Space | 1119,01 Gb Free Space | 86,12% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 1188,09 Gb Free Space | 85,03% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 420,41 Gb Free Space | 30,09% Space Free | Partition Type: NTFS
Drive J: | 14,73 Gb Total Space | 14,64 Gb Free Space | 99,40% Space Free | Partition Type: NTFS
Drive K: | 3,92 Gb Total Space | 3,74 Gb Free Space | 95,50% Space Free | Partition Type: NTFS
 
Computer Name: BALLOS-PC | User Name: BalloS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer
"{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding
"{73BA9A8F-6B40-BF79-541E-464156FBA764}" = ccc-utility64
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"{C2E0D3FE-12C4-BF5B-FC4E-052CB8833424}" = AMD Fuel
"{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.0.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64)
"RealVNC_is1" = VNC Enterprise Edition E4.5.4
"TeraCopy_is1" = TeraCopy 2.12
"VNCMirror_is1" = VNC Mirror Driver 1.8.0
"VNCPrinter_is1" = VNC Printer Driver 1.6.0
"WinRAR archiver" = WinRAR
"XviD MPEG-4 Video Codec_is1" = XviD v1.3.0 CVS
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{076A5070-5A6B-4A84-A1B8-C25B705C942A}" = Radmin Server 3.4
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}" = Radmin Viewer 3.4
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD
"{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{6331C6C0-3754-E910-7113-5013355C8E47}" = CCC Help English
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{64491CEE-3E23-AD3B-F8A5-CCDF2F8B7846}" = Application Profiles
"{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{8236D2E9-2528-4C5C-ABA3-E0B8B657A297}" = BlackSite: Area 51
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{841D4524-7950-4A4F-A4E6-931A1A2E201C}" = TMPGEnc 4.0 XPress
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1
"{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web
"{90120000-0026-0407-0000-0000000FF1CE}" = Microsoft Expression Web MUI (German)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95C3927C-C899-C5D8-0EA7-67895FC979B2}" = ccc-core-static
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9CCB3527-C033-415C-88B6-27173B5E3592}" = Tron: Evolution
"{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1
"{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Movie ThemePack 4
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BBB7F293-12A9-821C-9409-013CD8E824EC}" = Application Profiles
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Movie ThemePack 3
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch 
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{ED4B50B7-C06B-57FE-7985-AA83DDBEEEF5}" = Catalyst Control Center Graphics Previews Common
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1
"{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FEEC7E5A-8C86-49B4-A9B1-1CAA79652592}_is1" = Baphomets Fluch - The Directors Cut Version 1.0.697
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alcatraz/DE-German_is1" = Alcatraz
"ArgusMonitor" = ArgusMonitor
"Astaro SSL VPN Client" = Astaro SSL VPN Client 1.7
"AutoGK" = Auto Gordian Knot 2.55
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8
"Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"DUMeter3_is1" = DU Meter
"ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009
"ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender
"eMule" = eMule
"ERUNT_is1" = ERUNT 1.1j
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"F.E.A.R. 2 Project Origin_is1" = F.E.A.R. 2 Project Origin
"Fallout New Vegas_is1" = Fallout New Vegas
"Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454
"GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"GPL Ghostscript 9.01" = GPL Ghostscript 9.01
"Homefront_is1" = Homefront
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility
"InstallShield_{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"JDownloader" = JDownloader
"Marvell Miniport Driver" = Marvell Miniport Driver
"Metro 2033_is1" = Metro 2033
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"PDF Blender" = PDF Blender
"PrintKey2000" = PrintKey2000
"PROPLUS" = Microsoft Office Professional Plus 2007
"Serv-U_is1" = Serv-U 6.4
"Sokoban YASC - Yet Another Sokoban Clone_is1" = Sokoban YASC
"Steam App 10" = Counter-Strike
"TeamViewer 6" = TeamViewer 6
"TrafficMonitor" = TrafficMonitor 4.80
"VLC media player" = VLC media player 1.1.7
"VobSub" = VobSub v2.23 (Remove Only)
"WebDesigner" = Microsoft Expression Web
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.4.4
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
"WinSetupFromUSB" = WinSetupFromUSB
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.04.2011 11:55:17 | Computer Name = BalloS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.4095,
 Zeitstempel: 0x4d852c62  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000222c2  ID des fehlerhaften
 Prozesses: 0x10e8  Startzeit der fehlerhaften Anwendung: 0x01cbf921dc63c54f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 42c5c2b1-651d-11e0-8cb4-485b3961b490
 
Error - 12.04.2011 13:12:49 | Computer Name = BalloS-PC | Source = Application Hang | ID = 1002
Description = Programm DUMeter.exe, Version 5.4.3387.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 9e0    Startzeit: 
01cbf934c68e71d7    Endzeit: 3    Anwendungspfad: C:\PROGRA~2\DU Meter\DUMeter.exe    Berichts-ID:
 128a4865-6528-11e0-8cb4-485b3961b490  
 
Error - 12.04.2011 13:14:53 | Computer Name = BalloS-PC | Source = Application Hang | ID = 1002
Description = Programm DUMeter.exe, Version 5.4.3387.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1618    Startzeit:
 01cbf934de3db7ff    Endzeit: 2    Anwendungspfad: C:\PROGRA~2\DU Meter\DUMeter.exe    Berichts-ID:
 603c7d32-6528-11e0-8cb4-485b3961b490  
 
Error - 13.04.2011 00:31:48 | Computer Name = BalloS-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- 
oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST"
 in Zeile  3.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: NFD,type="win32",version="5.2.0.0".  Definition:
 NFD,type="win32",version="5.0.0.0".  Verwenden Sie das Programm "sxstrace.exe" für
 eine detaillierte Diagnose.
 
Error - 13.04.2011 00:31:48 | Computer Name = BalloS-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Nero\Nero 10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST"
 in Zeile  3.  Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
 angeforderten Komponente überein.  Verweis: NScCoreComponents,type="win32",version="5.3.2.0".
Definition:
 NScCoreComponents,type="win32",version="5.3.0.0".  Verwenden Sie das Programm "sxstrace.exe"
 für eine detaillierte Diagnose.
 
Error - 13.04.2011 00:32:49 | Computer Name = BalloS-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "d:\wolfenstein\MP\ServerLauncher.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 
Error - 13.04.2011 02:23:07 | Computer Name = BalloS-PC | Source = WinVNC4 | ID = 1
Description = SDisplay: clipboard: OpenClipboard(getText): Zugriff verweigert (5)


 
Error - 13.04.2011 02:23:50 | Computer Name = BalloS-PC | Source = WinVNC4 | ID = 1
Description = SDisplay: clipboard: OpenClipboard(getText): Zugriff verweigert (5)


 
Error - 13.04.2011 02:30:44 | Computer Name = BalloS-PC | Source = WinVNC4 | ID = 1
Description = SDisplay: clipboard: OpenClipboard(getText): Zugriff verweigert (5)


 
Error - 13.04.2011 02:40:42 | Computer Name = BalloS-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Au_.exe, Version: 0.0.0.0, Zeitstempel:
 0x4b1ae3c1  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel:
 0x4ce7ba58  Ausnahmecode: 0xc00000fd  Fehleroffset: 0x0002e02e  ID des fehlerhaften Prozesses:
 0xd14  Startzeit der fehlerhaften Anwendung: 0x01cbf9a5ae13424f  Pfad der fehlerhaften
 Anwendung: C:\Users\BalloS\AppData\Local\Temp\~nsu.tmp\Au_.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: f3a3538a-6598-11e0-a7f5-485b3961b490
 
[ System Events ]
Error - 18.01.2011 13:14:26 | Computer Name = BalloS-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden.
 
Error - 18.01.2011 13:14:26 | Computer Name = BalloS-PC | Source = Disk | ID = 262159
Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit.
 
Error - 18.01.2011 13:42:58 | Computer Name = BalloS-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 18.01.2011 13:43:35 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 20.01.2011 18:51:51 | Computer Name = BalloS-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 20.01.2011 18:52:04 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 21.01.2011 09:18:31 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 21.01.2011 10:02:39 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 21.01.2011 19:13:48 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
Error - 22.01.2011 21:04:26 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler
 beendet: %%1.
 
 
< End of report >
         


13.04.2011, 12:14   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Are there any other logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the Logs tab.

13.04.2011, 12:22   #4
BalloS

I already knew that from browsing around here

The scan just finished:

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6350

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

13.04.2011 13:10:43
mbam-log-2011-04-13 (13-10-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 336756
Laufzeit: 27 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Does it make sense to have the other partitions scanned as well? Would a quick scan be enough for that?

13.04.2011, 12:51   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

No, please run full scans

Quote:
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
What are you trying to achieve with that?

__________________
Please always post log files in CODE tags

13.04.2011, 12:57   #6
BalloS

No idea. It's not from me.

In its connections view, DuMeter also shows me lots of connections to that address on various ports.

Code:
Program	Local Address & Port	Remote Address & Port	Connection State
	validation.sls.microsoft.com:5357	validation.sls.microsoft.com:59023	TIME_WAIT
	validation.sls.microsoft.com:5357	validation.sls.microsoft.com:59024	TIME_WAIT
TeamViewer6	validation.sls.microsoft.com:49157	validation.sls.microsoft.com:49158	ESTABLISHED
TeamViewer6	validation.sls.microsoft.com:49158	validation.sls.microsoft.com:49157	ESTABLISHED
firefox.exe	validation.sls.microsoft.com:49201	validation.sls.microsoft.com:49202	ESTABLISHED
firefox.exe	validation.sls.microsoft.com:49202	validation.sls.microsoft.com:49201	ESTABLISHED
firefox.exe	validation.sls.microsoft.com:49203	validation.sls.microsoft.com:49204	ESTABLISHED
firefox.exe	validation.sls.microsoft.com:49204	validation.sls.microsoft.com:49203	ESTABLISHED
TeamViewer6	BalloS-PC.fritz.box:http(80)	193.106.175.184:44979	SYN_RCVD
winvnc4.exe	BalloS-PC.fritz.box:5900	p5098dcd3.dip0.t-ipconnect.de:2344	ESTABLISHED
jucheck.exe	BalloS-PC.fritz.box:49934	a92-122-207-162.deploy.akamaitechnologies.com:http(80)	CLOSE_WAIT
TeamViewer6	BalloS-PC.fritz.box:55814	227.208.81.95.chtts.ru:5938	ESTABLISHED
	BalloS-PC.fritz.box:58971	fx-in-f101.1e100.net:http(80)	TIME_WAIT
	BalloS-PC.fritz.box:59022	fritz.box:49000	TIME_WAIT
         
I didn't think anything of it until now, though, because I took it for something Windows uses for its update routine.

13.04.2011, 13:07   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Validation check means that MS checks whether your Windows is legal or pirated.
So tell us quite honestly which source this Windows installation comes from.

13.04.2011, 13:11   #8
BalloS

It's an original version of Windows 7 64-bit. I got it at a discount through my company.

It was installed by a colleague, who then handed the finished PC over to me.

I didn't know there was such an entry in the hosts file, since, as I said, Firefox etc. apparently access that address too. It wouldn't make sense for it to point to localhost, then.

All Windows updates also work without problems. There has never been any kind of error message saying that the version isn't genuine.

13.04.2011, 13:19   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download WVCheck from Artellos.com
  • Save the file to the desktop. (If you downloaded the .zip file, you have to unpack it first.)
  • Start the .exe with a double-click
    Vista and Win7 users: start it with a right-click, "Run as administrator"
  • As described, the tool can take a while.
  • When it is done, copy the contents of the text document here into your thread

13.04.2011, 13:38   #10
BalloS

Code:
Windows Validation Check
Version: 1.9.12.5
Log Created On: 1435_13-04-2011
-----------------------

Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1 
Windows Mode: Normal
Systemroot Path: C:\Windows

WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2011-04-13 08:33:43
Last Success Time for Update Download: 2011-04-13 08:37:51
Last Success Time for Update Installation: 2011-04-13 08:43:21


WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------


WVCheck's File Dump
-----------------------
WVCheck found no known bad files.


WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.


WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.


WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.


WVCheck's HOSTS File Check
-----------------------
Line: 127.0.0.1 validation.sls.microsoft.com
Matched: *microsoft.com*
-----------------------


WVCheck's MD5 Check
EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3


-------- End of File, program close at 1435_13-04-2011 --------
         
So, by the looks of it, it also only found the line in the hosts file again.
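
Added example (not part of the original thread, and not code from WVCheck or DU Meter): a small Python check for what the logs above report, a vendor hostname pinned to 127.0.0.1 in the hosts file. It also separates loopback rows from real network rows in the posted connection list, on the assumption that the viewer labels 127.0.0.1 with the name from the hosts file; the function names and the sample hosts text are constructed, the connection rows are copied from the list above.

```python
import ipaddress

# Names that are expected to point at loopback.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample: default-style comments plus the one entry quoted in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#    127.0.0.1       localhost
127.0.0.1 validation.sls.microsoft.com
"""

# Rows copied from the posted connection list: (program, local, remote, state).
SAMPLE_CONNECTIONS = [
    ("TeamViewer6", "validation.sls.microsoft.com:49157",
     "validation.sls.microsoft.com:49158", "ESTABLISHED"),
    ("firefox.exe", "validation.sls.microsoft.com:49201",
     "validation.sls.microsoft.com:49202", "ESTABLISHED"),
    ("winvnc4.exe", "BalloS-PC.fritz.box:5900",
     "p5098dcd3.dip0.t-ipconnect.de:2344", "ESTABLISHED"),
    ("TeamViewer6", "BalloS-PC.fritz.box:55814",
     "227.208.81.95.chtts.ru:5938", "ESTABLISHED"),
]


def parse_hosts(text):
    """Return (line_number, ip, [names]) for every active hosts entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address without a name is not an entry
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, skip the line
        entries.append((lineno, str(ip), [n.lower() for n in fields[1:]]))
    return entries


def sinkholed_names(entries):
    """Names other than localhost pinned to a loopback or 0.0.0.0 address."""
    hits = []
    for lineno, ip, names in entries:
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            hits += [(lineno, ip, n) for n in names if n not in LOCAL_NAMES]
    return hits


def classify_connections(rows, entries):
    """Tag each row 'loopback' when both endpoints carry a name the hosts
    file pins to loopback (assumption: the viewer took its label for
    127.0.0.1 from that file), otherwise 'network'."""
    pinned = {name for _, _, name in sinkholed_names(entries)}
    result = []
    for program, local, remote, _state in rows:
        local_host = local.rsplit(":", 1)[0].lower()
        remote_host = remote.rsplit(":", 1)[0].lower()
        kind = "loopback" if local_host in pinned and remote_host in pinned else "network"
        result.append((program, kind, remote))
    return result


if __name__ == "__main__":
    hosts_entries = parse_hosts(SAMPLE_HOSTS)
    for lineno, ip, name in sinkholed_names(hosts_entries):
        print(f"hosts line {lineno}: {name} is pinned to {ip}")
    for program, kind, remote in classify_connections(SAMPLE_CONNECTIONS, hosts_entries):
        print(f"{kind:8} {program:12} -> {remote}")
```

Only the rows tagged `network` leave the machine, so those are the ones to compare against the upload volume.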

13.04.2011, 13:40   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Is AdobeCS5 genuine too?

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
@Alternate Data Stream - 76 bytes -> C:\Users\BalloS\Documents\Bewerbungen:Roxio EMC Stream
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:319E7F0B
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\install\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Launcher.exe
O33 - MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AUTORUN.exe
O33 - MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\Shell - "" = AutoRun
O33 - MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\Shell\AutoRun\command - "" = H:\Autorun.exe
O4 - HKLM..\Run: []  File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

To be safe, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

13.04.2011, 13:52   #12
BalloS

Adobe CS5 was a trial version of Adobe Dreamweaver CS5, but the trial period has already expired.

Code:
All processes killed
========== OTL ==========
ADS C:\Users\BalloS\Documents\Bewerbungen:Roxio EMC Stream deleted successfully.
ADS C:\ProgramData\Temp:319E7F0B deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found.
File H:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found.
File H:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found.
File H:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\ not found.
File I:\Launcher.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\ not found.
File H:\AUTORUN.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\ not found.
File I:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a841895-e41f-11df-b887-485b3961b490}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a841895-e41f-11df-b887-485b3961b490}\ not found.
File H:\Autorun.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: BalloS
->Temp folder emptied: 9226180 bytes
->Temporary Internet Files folder emptied: 673924 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 46872125 bytes
->Flash cache emptied: 692 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3566 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 54,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04132011_144543

Files\Folders moved on Reboot...
C:\Users\BalloS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\BalloS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{073FBA05-5F38-46D3-8EAB-57BE269BE07C}.tmp moved successfully.
C:\Users\BalloS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4819B7E3-51ED-484B-B16B-9B6D5DF636F3}.tmp moved successfully.
C:\Users\BalloS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9F050FA5-C944-4E67-A189-62710EA13371}.tmp moved successfully.
File\Folder C:\Users\BalloS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DEA57802-155A-4061-B738-040B5B3DB195}.tmp not found!

Registry entries deleted on Reboot...
         

13.04.2011, 14:01   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________
Please always post log files in CODE tags

13.04.2011, 14:07   #14
BalloS
 



Code:
2011/04/13 15:04:54.0088 4732	TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/13 15:04:54.0344 4732	================================================================================
2011/04/13 15:04:54.0344 4732	SystemInfo:
2011/04/13 15:04:54.0344 4732	
2011/04/13 15:04:54.0344 4732	OS Version: 6.1.7601 ServicePack: 1.0
2011/04/13 15:04:54.0344 4732	Product type: Workstation
2011/04/13 15:04:54.0344 4732	ComputerName: BALLOS-PC
2011/04/13 15:04:54.0345 4732	UserName: BalloS
2011/04/13 15:04:54.0345 4732	Windows directory: C:\Windows
2011/04/13 15:04:54.0345 4732	System windows directory: C:\Windows
2011/04/13 15:04:54.0345 4732	Running under WOW64
2011/04/13 15:04:54.0345 4732	Processor architecture: Intel x64
2011/04/13 15:04:54.0345 4732	Number of processors: 4
2011/04/13 15:04:54.0345 4732	Page size: 0x1000
2011/04/13 15:04:54.0345 4732	Boot type: Normal boot
2011/04/13 15:04:54.0345 4732	================================================================================
2011/04/13 15:04:55.0675 4732	Initialize success
2011/04/13 15:05:02.0060 3976	================================================================================
2011/04/13 15:05:02.0060 3976	Scan started
2011/04/13 15:05:02.0060 3976	Mode: Manual; 
2011/04/13 15:05:02.0060 3976	================================================================================
2011/04/13 15:05:02.0626 3976	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/04/13 15:05:02.0668 3976	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/04/13 15:05:02.0699 3976	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/04/13 15:05:02.0745 3976	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/13 15:05:02.0771 3976	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/13 15:05:02.0793 3976	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/13 15:05:02.0862 3976	AFD             (d31dc7a16dea4a9baf179f3d6fbdb38c) C:\Windows\system32\drivers\afd.sys
2011/04/13 15:05:02.0903 3976	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/04/13 15:05:02.0935 3976	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/04/13 15:05:02.0990 3976	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/04/13 15:05:03.0022 3976	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
2011/04/13 15:05:03.0046 3976	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/13 15:05:03.0197 3976	amdkmdag        (df943a113060d3abfda4730ae4163d6f) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/04/13 15:05:03.0357 3976	amdkmdap        (4003b34b4a83de29cd1c88eb6c869e58) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/04/13 15:05:03.0379 3976	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/13 15:05:03.0407 3976	amdsata         (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
2011/04/13 15:05:03.0435 3976	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/13 15:05:03.0465 3976	amdxata         (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
2011/04/13 15:05:03.0521 3976	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/04/13 15:05:03.0553 3976	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/13 15:05:03.0571 3976	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/13 15:05:03.0613 3976	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/13 15:05:03.0645 3976	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/04/13 15:05:03.0694 3976	AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
2011/04/13 15:05:03.0731 3976	AtiHdmiService  (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys
2011/04/13 15:05:03.0772 3976	avgntflt        (39c2e2870fc0c2ae0595b883cbe716b4) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/04/13 15:05:03.0798 3976	avipbb          (c98fa6e5ad0e857d22716bd2b8b1f399) C:\Windows\system32\DRIVERS\avipbb.sys
2011/04/13 15:05:03.0831 3976	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/13 15:05:03.0864 3976	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/13 15:05:03.0901 3976	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/13 15:05:03.0931 3976	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/13 15:05:03.0975 3976	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/13 15:05:03.0993 3976	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/13 15:05:04.0009 3976	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/13 15:05:04.0039 3976	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/13 15:05:04.0065 3976	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/13 15:05:04.0083 3976	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/13 15:05:04.0100 3976	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/13 15:05:04.0119 3976	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/13 15:05:04.0150 3976	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/13 15:05:04.0186 3976	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/04/13 15:05:04.0209 3976	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/13 15:05:04.0255 3976	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/13 15:05:04.0289 3976	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/13 15:05:04.0324 3976	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/04/13 15:05:04.0366 3976	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/04/13 15:05:04.0394 3976	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/13 15:05:04.0424 3976	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/04/13 15:05:04.0473 3976	copperhd        (44622785d2d2dd8b13e6dc969b6e34a4) C:\Windows\system32\drivers\copperhd.sys
2011/04/13 15:05:04.0489 3976	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/13 15:05:04.0528 3976	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/04/13 15:05:04.0588 3976	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/04/13 15:05:04.0617 3976	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/13 15:05:04.0653 3976	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/13 15:05:04.0770 3976	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/13 15:05:04.0913 3976	DUMeterDrv      (0fc200432b49029445392ce544715408) C:\Program Files (x86)\DU Meter\DUMETR64.SYS
2011/04/13 15:05:04.0950 3976	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/13 15:05:05.0023 3976	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/13 15:05:05.0114 3976	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/13 15:05:05.0153 3976	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/04/13 15:05:05.0193 3976	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/13 15:05:05.0223 3976	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/13 15:05:05.0247 3976	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/13 15:05:05.0283 3976	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/13 15:05:05.0310 3976	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/13 15:05:05.0328 3976	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/13 15:05:05.0365 3976	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/04/13 15:05:05.0398 3976	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/13 15:05:05.0426 3976	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/13 15:05:05.0457 3976	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/13 15:05:05.0479 3976	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/13 15:05:05.0501 3976	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/13 15:05:05.0551 3976	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/04/13 15:05:05.0591 3976	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/04/13 15:05:05.0605 3976	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/13 15:05:05.0622 3976	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/13 15:05:05.0639 3976	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/13 15:05:05.0687 3976	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/04/13 15:05:05.0754 3976	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/04/13 15:05:05.0809 3976	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/04/13 15:05:05.0858 3976	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/13 15:05:05.0907 3976	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/04/13 15:05:05.0938 3976	iaStorV         (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
2011/04/13 15:05:05.0990 3976	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/13 15:05:06.0025 3976	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/04/13 15:05:06.0049 3976	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/13 15:05:06.0089 3976	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/13 15:05:06.0116 3976	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/04/13 15:05:06.0151 3976	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/13 15:05:06.0172 3976	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/13 15:05:06.0193 3976	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/04/13 15:05:06.0222 3976	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/04/13 15:05:06.0258 3976	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/04/13 15:05:06.0280 3976	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/04/13 15:05:06.0310 3976	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/13 15:05:06.0352 3976	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/13 15:05:06.0377 3976	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/13 15:05:06.0422 3976	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/13 15:05:06.0457 3976	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/13 15:05:06.0484 3976	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/13 15:05:06.0503 3976	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/13 15:05:06.0536 3976	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/13 15:05:06.0566 3976	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/13 15:05:06.0596 3976	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/13 15:05:06.0619 3976	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/13 15:05:06.0653 3976	mirrorv3        (090ee52afdff9932909c480bdda0c8ce) C:\Windows\system32\DRIVERS\rminiv3.sys
2011/04/13 15:05:06.0679 3976	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/13 15:05:06.0704 3976	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/13 15:05:06.0725 3976	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/04/13 15:05:06.0748 3976	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/13 15:05:06.0773 3976	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/04/13 15:05:06.0805 3976	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/04/13 15:05:06.0830 3976	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/13 15:05:06.0866 3976	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/04/13 15:05:06.0906 3976	mrxsmb          (c2b4651001a867ff3f8865863b592991) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/13 15:05:06.0933 3976	mrxsmb10        (7e79946afc5f799ab62982282be5ac13) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/13 15:05:06.0966 3976	mrxsmb20        (5fb954100cea2bfec6446fbbecaa3f79) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/13 15:05:06.0989 3976	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/04/13 15:05:07.0015 3976	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/04/13 15:05:07.0060 3976	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/13 15:05:07.0089 3976	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/13 15:05:07.0108 3976	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/04/13 15:05:07.0155 3976	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/13 15:05:07.0174 3976	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/13 15:05:07.0195 3976	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/13 15:05:07.0222 3976	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/04/13 15:05:07.0257 3976	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/04/13 15:05:07.0275 3976	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/13 15:05:07.0296 3976	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/13 15:05:07.0337 3976	MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/04/13 15:05:07.0365 3976	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/13 15:05:07.0401 3976	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/13 15:05:07.0456 3976	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/04/13 15:05:07.0488 3976	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/13 15:05:07.0519 3976	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/13 15:05:07.0553 3976	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/13 15:05:07.0595 3976	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/13 15:05:07.0636 3976	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/04/13 15:05:07.0670 3976	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/13 15:05:07.0704 3976	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/13 15:05:07.0761 3976	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/13 15:05:07.0819 3976	NPF             (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
2011/04/13 15:05:07.0849 3976	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/13 15:05:07.0879 3976	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/13 15:05:07.0937 3976	Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
2011/04/13 15:05:08.0002 3976	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/13 15:05:08.0033 3976	nusb3hub        (8ebcb9165ee7f1571842f4d9d624a74c) C:\Windows\system32\DRIVERS\nusb3hub.sys
2011/04/13 15:05:08.0060 3976	nusb3xhc        (5d54dbb12bbfe07cc283fd39f2cd6d63) C:\Windows\system32\DRIVERS\nusb3xhc.sys
2011/04/13 15:05:08.0107 3976	nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
2011/04/13 15:05:08.0144 3976	nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
2011/04/13 15:05:08.0176 3976	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/04/13 15:05:08.0216 3976	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/04/13 15:05:08.0277 3976	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/13 15:05:08.0314 3976	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/04/13 15:05:08.0363 3976	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/04/13 15:05:08.0377 3976	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/04/13 15:05:08.0403 3976	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/13 15:05:08.0433 3976	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/13 15:05:08.0463 3976	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/13 15:05:08.0564 3976	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/13 15:05:08.0584 3976	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/13 15:05:08.0632 3976	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/13 15:05:08.0670 3976	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/13 15:05:08.0746 3976	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/13 15:05:08.0777 3976	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/13 15:05:08.0858 3976	raddrvv3        (eaea964b2d9b23c6adc5332c9b1cf228) C:\Windows\SysWOW64\rserver30\raddrvv3.sys
2011/04/13 15:05:08.0874 3976	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/13 15:05:08.0908 3976	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/13 15:05:08.0946 3976	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/13 15:05:08.0990 3976	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/13 15:05:09.0013 3976	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/13 15:05:09.0044 3976	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/13 15:05:09.0072 3976	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/13 15:05:09.0096 3976	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/13 15:05:09.0136 3976	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/04/13 15:05:09.0165 3976	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/13 15:05:09.0188 3976	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/13 15:05:09.0225 3976	RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
2011/04/13 15:05:09.0261 3976	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/04/13 15:05:09.0302 3976	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/04/13 15:05:09.0379 3976	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/13 15:05:09.0416 3976	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/04/13 15:05:09.0460 3976	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/04/13 15:05:09.0504 3976	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/13 15:05:09.0540 3976	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/13 15:05:09.0576 3976	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/13 15:05:09.0601 3976	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/13 15:05:09.0644 3976	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/13 15:05:09.0691 3976	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/04/13 15:05:09.0715 3976	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/04/13 15:05:09.0735 3976	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/04/13 15:05:09.0761 3976	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/13 15:05:09.0794 3976	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/13 15:05:09.0812 3976	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/13 15:05:09.0837 3976	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/13 15:05:09.0875 3976	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/13 15:05:09.0939 3976	sptd            (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
2011/04/13 15:05:09.0939 3976	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
2011/04/13 15:05:09.0944 3976	sptd - detected Locked file (1)
2011/04/13 15:05:12.0462 3976	================================================================================
2011/04/13 15:05:12.0462 3976	Scan finished
2011/04/13 15:05:12.0462 3976	================================================================================
2011/04/13 15:05:12.0477 0632	Detected object count: 1
2011/04/13 15:05:29.0312 0632	Locked file(sptd) - User select action: Skip
         

Alt 13.04.2011, 14:11   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Nothing suspicious.

Code:
TeamViewer6	validation.sls.microsoft.com:49157	validation.sls.microsoft.com:49158	ESTABLISHED
TeamViewer6	validation.sls.microsoft.com:49158	validation.sls.microsoft.com:49157	ESTABLISHED
         
What on earth does TeamViewer have to do with validation.sls.microsoft.com?
__________________
Please always post log files in CODE tags
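
A triage sketch for the two connection rows in the post above, added here as an example and not written by anyone in the thread: a row whose mirror image appears in the same listing is a socket pair local to the machine, so the name shown on both sides is only what the local address resolved to. The hosts-file content is a constructed assumption showing one way a loopback address can display under such a name; the thread does not show the user's hosts file.

```python
import ipaddress

# The two lines quoted in the post above (tab-separated columns).
SAMPLE = (
    "TeamViewer6\tvalidation.sls.microsoft.com:49157\tvalidation.sls.microsoft.com:49158\tESTABLISHED\n"
    "TeamViewer6\tvalidation.sls.microsoft.com:49158\tvalidation.sls.microsoft.com:49157\tESTABLISHED\n"
)
# Constructed hosts-file content: an assumption for illustration, not from the thread.
SAMPLE_HOSTS = "127.0.0.1 localhost\n127.0.0.1 validation.sls.microsoft.com  # constructed\n"

def parse_connections(text):
    """Yield (process, local_host, local_port, remote_host, remote_port, state)."""
    for line in text.splitlines():
        cols = line.split()
        if len(cols) != 4:
            continue  # not a connection row
        proc, local, remote, state = cols
        lhost, _, lport = local.rpartition(":")
        rhost, _, rport = remote.rpartition(":")
        if lport.isdigit() and rport.isdigit():
            yield proc, lhost.lower(), int(lport), rhost.lower(), int(rport), state

def self_connections(conns):
    """Keep rows whose mirror image (endpoints swapped) is also listed:
    both ends of such a socket pair live on the machine that produced the log."""
    conns = list(conns)
    endpoints = {(c[1], c[2], c[3], c[4]) for c in conns}
    return [c for c in conns if (c[3], c[4], c[1], c[2]) in endpoints]

def loopback_names(hosts_text):
    """Return {hostname: address} for names a hosts file maps to loopback."""
    names = {}
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except (IndexError, ValueError):
            continue  # blank, comment-only or malformed line
        if addr.is_loopback:
            names.update({n.lower(): str(addr) for n in fields[1:]})
    return names

def triage(conn_text, hosts_text):
    """List (process, local_port, remote_port, loopback_addr_or_None) per local pair."""
    pinned = loopback_names(hosts_text)
    return [(c[0], c[2], c[4], pinned.get(c[1]))
            for c in self_connections(parse_connections(conn_text))]
```

A `None` in the last field means the hosts file does not explain the name, and the resolver cache or DNS answers are the next place to look.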
