Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Backdoor.messa (https://www.trojaner-board.de/110667-backdoor-messa.html)

rka0 01.03.2012 05:22
Backdoor.messa
 
Auch ich habe heute morgen Bekanntschaft mit dem "Bitte zahlen Sie für Ihr blockiertes Windows-System"-Screen gemacht.
Habe Malwarebyte und Superantispyware laufen lassen und backdoor.messa aus c:/user entfernt.
Hier noch ein paar Logfiles.
Was ist conime.exe? Ist mir noch nie aufgefallen vorher.

cosinus 01.03.2012 21:15
Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?




Abgesicherter Modus zur Bereinigung
  • Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
  • Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

    Windows im abgesicherten Modusstarten

rka0 01.03.2012 22:01
Danke für die Antwort. Heute hattet Ihr bestimmt Sonderschichten. Ich habe nun Reinigungen mit Avira Premium, Malware Antispyware, TDSS Killer und Super-Antispyware durchgeführt, nachdem ich heute morgen eine Systemwiederherstellung von vorgestern durchführen musste. Das System scheint nun sauber zu sein. Die Conime.exe ist laut Virus-Total auch in Ordnung. Wenn Du magst, kannst Du Dir noch mal das OTL-Logfile anschauen von jetzt gerade eben; So richtig sicher fühle ich mich nicht.

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 01.03.2012 21:55:48 - Run 1
OTL by OldTimer - Version 3.2.33.2    Folder = E:\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 48,43% Memory free
8,19 Gb Paging File | 5,60 Gb Available in Paging File | 68,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 542,64 Gb Total Space | 333,78 Gb Free Space | 61,51% Space Free | Partition Type: NTFS
Drive E: | 388,87 Gb Total Space | 140,30 Gb Free Space | 36,08% Space Free | Partition Type: NTFS
 
Computer Name: SCHWOBB | User Name: TimR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [printdir] -- %windir%\printdir.bat "%1" ()
Directory [viewdir] -- %windir%\viewdir.bat "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OpenNew] -- cmd.exe /k cd %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [printdir] -- %windir%\printdir.bat "%1" ()
Directory [viewdir] -- %windir%\viewdir.bat "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = 74 0C 11 2E 7B 3E CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4223294054-2252070966-736884885-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4477FA8D-3113-4A0B-83E8-959945A6A22C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4C427A99-ABE1-4EBD-9E4D-9B138C1B66F3}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{55E3523C-6171-435C-A9EF-1B0E0E094B79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{568E007D-AFC2-4E11-A42B-C66E76FA6D4A}" = lport=445 | protocol=6 | dir=in | app=system |
"{5B55C178-1937-414A-9487-88354171A362}" = rport=445 | protocol=6 | dir=out | app=system |
"{6736D996-E0C0-4B38-9466-7BFFF17DBCDE}" = lport=138 | protocol=17 | dir=in | app=system |
"{696862F2-6F44-4A15-9852-83D3A0741E52}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AA30B040-BD51-44F7-806D-F271DD1F50FE}" = rport=137 | protocol=17 | dir=out | app=system |
"{AECCC0DB-FF04-4DE7-8FC0-3EA0B2CD842A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BC72F7DE-0C34-4BDE-8550-FDA9070B6524}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE5CB16F-CEBD-4A43-8E6B-ABCAEFA20422}" = lport=137 | protocol=17 | dir=in | app=system |
"{C8537E1A-BBAD-4B9D-944B-723FECD79656}" = rport=139 | protocol=6 | dir=out | app=system |
"{CE6B037B-7127-4C90-A1EC-3C2CEAD6562D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E5D957FD-2D68-4153-B9A7-29CDB53F8726}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{EC5ACE10-4558-4062-B185-355BED1F517B}" = lport=139 | protocol=6 | dir=in | app=system |
"{F2CDDA80-20A9-443B-8633-1AB8AF74B9A6}" = rport=138 | protocol=17 | dir=out | app=system |
"{F5808458-9922-49CF-BBD5-1DBB5633C726}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{F8CADC18-D3ED-4AFC-A795-87D3BA1FECDA}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A35158F-F293-4E36-A204-4589CB9E86CC}" = protocol=17 | dir=in | app=c:\games\dragon age 2\dragonage2launcher.exe |
"{0BF80E0A-1217-4F49-8B25-F734C7BB9EBA}" = protocol=6 | dir=in | app=c:\games\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{210A96D1-1ED2-4A89-8754-A8C10FBCA281}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2E2D6E2D-7980-4075-9F67-D76C1052AF73}" = protocol=17 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{2FEFA728-B679-40EB-9B68-8ABB5D264DD5}" = protocol=6 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe |
"{316CC107-8BA3-43AA-81A5-52E1C2D1B0D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{31D20E3C-7DD3-4A7F-830D-A072ACA37C06}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3A31AF01-02A0-4CE9-A64C-155BCD65EA90}" = protocol=17 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe |
"{41D50E12-810D-4FD2-B0F9-3607DE7926EB}" = protocol=6 | dir=in | app=c:\games\dragon age 2\dragonage2launcher.exe |
"{49FDF1AB-4178-4F9C-88D1-8FB6BD5D1E01}" = protocol=17 | dir=in | app=c:\games\dragon age origins character creator\bin_ship\daocharactercreator.exe |
"{500C952F-58B1-41A5-BA6B-1BEE2D6FF270}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{5265ED28-5B54-4D97-BFC6-A07CB81259CE}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{586AF009-E95C-48AA-B00F-468DDF1284D1}" = protocol=17 | dir=in | app=c:\games\mass effect 2\binaries\masseffect2.exe |
"{5DFC933E-F76A-4C22-BC0C-CC703701F9B5}" = protocol=6 | dir=in | app=c:\games\mass effect\masseffectlauncher.exe |
"{65C73A0A-26D0-4E3C-91E1-03680BAF65A8}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{7B7AF574-6F98-4669-8373-F66065192B1F}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{7EF5873E-4968-4E5F-979C-F32CAEA46974}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{882F1618-4606-4B40-BECA-E091B33003E8}" = protocol=17 | dir=in | app=c:\games\dragon age origins character creator\daoriginslauncher.exe |
"{8B195E4F-384D-4DC5-B7A3-EC3133CDB24B}" = protocol=6 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{9000D64F-FE9D-4A22-93E3-4C1B8FA1CDD1}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{93FB028E-A5BC-4A21-AEF9-B9654A0058A6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{96395879-6386-4469-947D-6548A72205D9}" = protocol=6 | dir=in | app=c:\games\dragon age origins character creator\daoriginslauncher.exe |
"{A6AF9EE1-6F0A-4CE7-B425-7C9C36728773}" = protocol=6 | dir=in | app=c:\users\timr\appdata\roaming\dropbox\bin\dropbox.exe |
"{A8D2A0EF-6ABA-464B-BF2F-6ADB2D788F8B}" = protocol=17 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe |
"{AA613AE4-8B8F-4194-BCA8-9D88CD77551F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{B54949CC-26F7-4400-90C0-5245BD97D54B}" = protocol=6 | dir=in | app=c:\games\mass effect 2\masseffect2launcher.exe |
"{C0DE0596-2E04-4A65-BC15-458DC875D2C4}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{C83B19F8-C1D4-411C-BE35-9CC6BB620234}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\daoriginslauncher.exe |
"{D0910AD6-CE64-4501-B5AE-49FCB0ACFA55}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daupdatersvc.service.exe |
"{E4BB4EB9-FDA8-499B-83B0-449BF72B177C}" = protocol=17 | dir=in | app=c:\users\timr\appdata\roaming\dropbox\bin\dropbox.exe |
"{E9F56AF2-AE88-4AEA-921C-282CE7F40E7A}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age\bin_ship\daorigins.exe |
"{EF3BB84A-AC0A-43F5-88AE-3FF22FC5BC16}" = protocol=17 | dir=in | app=c:\games\mass effect\binaries\masseffect.exe |
"{F6AEB06C-67B5-4E6E-902F-2BF5F910F3DB}" = protocol=17 | dir=in | app=c:\games\dragon age 2\bin_ship\dragonage2.exe |
"{F6B212D3-E50B-4DA7-920B-90D05A46188F}" = protocol=6 | dir=in | app=c:\games\starcraft ii\starcraft ii.exe |
"{F797AE50-8C59-40F0-B7ED-05D95DBDCC60}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{F8272D9E-97CF-4841-B4C8-488C605B2A86}" = protocol=6 | dir=in | app=c:\games\dragon age 2\bin_ship\dragonage2.exe |
"TCP Query User{129D2307-0DA5-4E24-87F5-D9C3188880E5}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"TCP Query User{27404428-D206-4C31-B3B6-7E4C2B3581A9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{2C3282C2-198D-43A1-A30B-F276126CDA6D}C:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base17326\sc2.exe |
"TCP Query User{4995D3C3-963F-4A1F-BA4B-18FB318CB92C}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{85003D8B-0BB0-42C3-AC4F-FFF754CF180F}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{A5A72B48-5285-4B0C-9D4D-082324882A6C}E:\downloads\mtgoiii_helper.exe" = protocol=6 | dir=in | app=e:\downloads\mtgoiii_helper.exe |
"TCP Query User{BDB18F33-577C-4CBD-9E81-07C7BE21A4F8}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe |
"TCP Query User{C712E825-2754-4E49-B316-5AE112F9E34A}C:\program files (x86)\jalview\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\jalview\jre\bin\javaw.exe |
"TCP Query User{E51EBB60-5941-4E93-B6FD-0427E07DDB55}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe |
"TCP Query User{F1324664-CB05-4876-88C2-8698688D3871}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{FD9B905F-DE70-4B5F-95D7-FF3C56963184}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
"UDP Query User{01460080-EE11-479D-91B9-7686F3BEF8DA}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe |
"UDP Query User{18443F21-3A77-41AB-B225-8026C2AACA33}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{1B971F43-8E2B-4BBB-AF56-DFC4EA7927B9}C:\games\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19132\sc2.exe |
"UDP Query User{44E3D32E-9E8C-482B-81D5-0529AAF0D481}C:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{5B83FC51-C1C2-4B13-82CF-42387496276D}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"UDP Query User{72D85336-46AF-4EDF-87ED-DF4272ABC983}C:\games\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base19679\sc2.exe |
"UDP Query User{8CEAA539-77E2-42D5-B3A3-8D2B037729FA}E:\downloads\mtgoiii_helper.exe" = protocol=17 | dir=in | app=e:\downloads\mtgoiii_helper.exe |
"UDP Query User{B14084CB-CAE4-4F2C-95AA-7852A6DBA68D}C:\games\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\games\starcraft ii\versions\base17326\sc2.exe |
"UDP Query User{C73C523C-CC4D-48C0-BC12-5BE65295C9CE}C:\program files (x86)\jalview\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\jalview\jre\bin\javaw.exe |
"UDP Query User{EE3BCC10-3C2E-46E9-A6EA-40637E410F9D}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{F92A0005-4A2D-4221-B1BE-755989000F52}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp 1.0 RC2
"{0BD776F3-057D-4C11-020C-4FA9B13D04F9}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{463FB535-67FB-17C9-6FD6-164BC60462F6}" = ccc-utility64
"{4BE9F0B8-FF3D-5CAA-9BF2-CB6F3DF75D3B}" = ccc-utility64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{67303AC9-A9BA-E413-0001-AAC1C812947C}" = AMD Fuel
"{69FDD045-DA24-CA41-8FD2-6B3A91F4EDEE}" = AMD Fuel
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D16193A3-921A-4134-B381-597C8F4B8EBD}" = PaperPort Image Printer
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"sp6" = Logitech SetPoint 6.32
"VLC media player" = VLC media player 2.1.0-git-20120217-1212
"WinRAR archiver" = WinRAR 4.11 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{136F3A0B-5783-47AC-8DB7-1611ED879FA1}" = ClustalX2
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1BF82343-8EE6-8B76-90CF-31059B9D1842}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20288888-A7AF-4B24-8AEB-398D20CD563C}" = Sound Blaster X-Fi
"{217B8A26-B479-4361-8771-57E323D6F991}" = EtikettenAssistent 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{347151C4-7F16-B275-8865-CC6B64056D3F}" = Catalyst Control Center Graphics Previews Common
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C57D8CB-FFB6-4B58-8C07-9F2D63E05990}" = FreeUndelete 2.0.34689.1
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{62AEBBB6-8314-7902-B3DA-1690F97DFA74}" = CCC Help English
"{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software
"{69FC0FD9-BA3D-45B0-88AF-C39B4121A070}" = MP3Find pro V5.02
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70C3CC75-9E14-D215-8FAD-5ABEAE3125D9}" = AMD VISION Engine Control Center
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{82808A16-D448-4FBF-9AE9-75AF3FC240DC}_is1" = MEGA5
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3ACD510-85D8-458B-9954-34DB004F2287}" = PC Connectivity Solution
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{C01AE05C-3C8C-75B3-C9F0-1B525DD3697C}" = Catalyst Control Center InstallProxy
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{D8B5B7C3-47B1-40FA-8251-59C74A543880}" = Dragon Age: Origins Character Creator
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E2903F16-9A5A-4292-9D97-8328088086B6}" = forteManager
"{E9D98510-A8B6-E39C-B8BA-BA9A511E040C}" = Catalyst Control Center Graphics Previews Common
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F865B0B5-0D43-2704-0B22-35C5F721374B}" = AMD VISION Engine Control Center
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1505-7129-3447-4151" = SplitsTree4 4.11.3
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALchemy" = Creative ALchemy
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Anti-Twin 2011-07-08 08.59.05" = Anti-Twin (Installation 08.07.2011)
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.11 (Unicode)
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Premium
"ClassicPro" = ClassicPro© v1.14
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Diagnostics 4_5" = Creative-Diagnose
"Dolby Digital Live Pack" = Dolby Digital Live Pack
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Exact Audio Copy" = Exact Audio Copy 1.0beta1
"ffdshow_is1" = ffdshow [rev 3154] [2009-12-09]
"FileHippo.com" = FileHippo.com Update Checker
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.3.3
"Freemake Video Downloader_is1" = Freemake Video Downloader version 2.0.0
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Inkscape" = Inkscape 0.48.1
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"Jalview" = Jalview
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"NAVIGON Fresh" = NAVIGON Fresh 3.4.1
"Notepad++" = Notepad++
"OpenAL" = OpenAL
"Opera 11.61.1250" = Opera 11.61
"Origin" = Origin
"PDF Blender" = PDF Blender
"PowerMenu" = PowerMenu 1.51
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"Secunia PSI" = Secunia PSI (3.0.0.0004)
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Trillian" = Trillian
"URLSnooper 2_is1" = URL Snooper v2.29.01
"Winamp" = Winamp
"WinPcapInst" = WinPcap 4.1.2
"xp-AntiSpy" = xp-AntiSpy 3.98-2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BioLayout Express 3D Web Start Version" = BioLayout Express 3D Web Start Version
"Dropbox" = Dropbox
"LCDSirReal" = LCDSirReal - a multipurpose plugin for the Logitech G13/G15
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 01.03.2012 04:01:11 | Computer Name = Schwobb | Source = VSS | ID = 13
Description =
 
Error - 01.03.2012 04:01:11 | Computer Name = Schwobb | Source = VSS | ID = 8193
Description =
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 13
Description =
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 8193
Description =
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 13
Description =
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 8193
Description =
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 13
Description =
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = VSS | ID = 8193
Description =
 
Error - 01.03.2012 05:43:34 | Computer Name = Schwobb | Source = Windows Search Service | ID = 3013
Description =
 
Error - 01.03.2012 05:43:34 | Computer Name = Schwobb | Source = Windows Search Service | ID = 3013
Description =
 
[ OSession Events ]
Error - 18.01.2010 11:21:51 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3857
 seconds with 3600 seconds of active time.  This session ended with a crash.
 
Error - 06.05.2010 17:29:52 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 893
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 15.06.2011 11:56:39 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6550.5004, Microsoft Office Version: 12.0.6425.1000. This session lasted 55
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 19.07.2011 16:58:16 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11821
 seconds with 1740 seconds of active time.  This session ended with a crash.
 
Error - 17.08.2011 12:03:02 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12606
 seconds with 2280 seconds of active time.  This session ended with a crash.
 
Error - 11.09.2011 12:02:08 | Computer Name = Schwobb | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12489
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.03.2012 04:01:12 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.03.2012 04:02:28 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.03.2012 05:37:41 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.03.2012 05:37:41 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7001
Description =
 
Error - 01.03.2012 05:43:05 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7022
Description =
 
Error - 01.03.2012 06:36:45 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.03.2012 10:57:44 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7000
Description =
 
Error - 01.03.2012 11:28:36 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7034
Description =
 
Error - 01.03.2012 11:31:10 | Computer Name = Schwobb | Source = Service Control Manager | ID = 7034
Description =
 
 
< End of report >
--- --- ---

rka0 01.03.2012 22:01
Code:
OTL logfile created on: 01.03.2012 21:55:48 - Run 1
OTL by OldTimer - Version 3.2.33.2    Folder = E:\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 48,43% Memory free
8,19 Gb Paging File | 5,60 Gb Available in Paging File | 68,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 542,64 Gb Total Space | 333,78 Gb Free Space | 61,51% Space Free | Partition Type: NTFS
Drive E: | 388,87 Gb Total Space | 140,30 Gb Free Space | 36,08% Space Free | Partition Type: NTFS
 
Computer Name: SCHWOBB | User Name: TimR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.01 04:27:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- E:\Downloads\OTL.exe
PRC - [2012.02.24 14:02:30 | 001,294,904 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.02.24 14:02:28 | 000,656,440 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.02.16 16:11:52 | 001,019,872 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\Program Files (x86)\GPUZ\GPU-Z.0.5.9.exe
PRC - [2012.01.27 07:57:23 | 000,949,104 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Opera\opera.exe
PRC - [2011.06.29 19:42:50 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.06.29 19:42:50 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.06.29 19:42:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 19:47:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.08 08:26:23 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.07.07 20:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.07.07 20:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010.07.05 16:17:16 | 000,191,488 | ---- | M] () -- C:\Users\TimR\Documents\LCDSirReal\LCDSirReal.exe
PRC - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.01 16:15:07 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_221.dll
MOD - [2010.07.05 16:17:16 | 000,191,488 | ---- | M] () -- C:\Users\TimR\Documents\LCDSirReal\LCDSirReal.exe
MOD - [2009.06.29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2007.09.13 18:05:22 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.01 16:33:35 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.24 14:02:30 | 001,294,904 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.02.24 14:02:28 | 000,656,440 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.25 21:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files (x86)\ATI\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files (x86)\SAS\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.06.29 19:42:50 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.06.29 19:42:50 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.06.29 19:42:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 19:47:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.10 00:42:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.12.10 00:23:18 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.12.08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.12.08 05:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.12.08 05:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.12.08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.11.10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.17 18:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.06.29 19:42:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 19:42:50 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.12.21 06:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 06:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 06:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.07.07 22:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010.07.07 22:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.07.07 22:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.07.07 22:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.07.07 22:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.07.07 22:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.07.07 22:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.07.07 22:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SAS\SASDIFSV64.SYS -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SAS\SASKUTIL64.SYS -- (SASKUTIL)
DRV - [2008.08.08 13:52:48 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008.08.08 13:52:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB F2 93 D9 5A EE CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_221.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120217-1212: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_221.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
 
 
O1 HOSTS File: ([2011.03.13 15:15:23 | 000,431,157 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14842 more lines...
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\Logitech\SetPoint\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\11-12\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 195.50.140.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6659378C-9D4A-4D5D-882C-148AEC3A7B09}: DhcpNameServer = 195.50.140.116 195.50.140.180
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Winter Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Winter Leaves.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.25 20:18:54 | 000,000,035 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\AutoRun\command - "" = G:\jeti\\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\explore\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\install\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\open\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{6422d340-9cc8-11df-91e9-00261822e3e6}\Shell\AutoRun\command - "" = F:\shelexec.exe .\Vaillant\index.htm
O33 - MountPoints2\{9096f5b5-e885-11de-8e98-00261822e3e6}\Shell - "" = AutoRun
O33 - MountPoints2\{9096f5b5-e885-11de-8e98-00261822e3e6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d658de6e-a9f3-11de-96c7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d658de6e-a9f3-11de-96c7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.01 17:13:02 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\vlc
[2012.03.01 17:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLC
[2012.03.01 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.01 17:01:14 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.01 17:01:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.01 17:01:14 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.01 17:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.03.01 16:33:28 | 008,756,384 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.03.01 16:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.01 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\Secunia PSI
[2012.03.01 16:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.03.01 16:15:07 | 000,417,440 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.03.01 16:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012.03.01 16:09:32 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.01 16:09:32 | 000,660,368 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.01 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SAS
[2012.03.01 04:45:18 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\SUPERAntiSpyware.com
[2012.03.01 04:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.03.01 04:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAntiSpyware
[2012.03.01 04:39:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegSeeker
[2012.03.01 04:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java(0)
[2012.02.17 20:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.02.17 15:17:56 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\LogiShrd
[2012.02.17 15:17:35 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2012.02.17 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012.02.17 15:13:47 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Logitech
[2012.02.17 15:13:47 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Logishrd
[2012.02.17 08:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.02.17 08:53:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.02.17 08:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.02.17 07:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.17 07:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.02.17 07:49:35 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Origin
[2012.02.17 07:49:15 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\Origin
[2012.02.17 07:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.02.16 16:44:17 | 000,000,000 | R--D | C] -- C:\Users\TimR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.02.16 16:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xp-AntiSpy
[2012.02.16 16:28:46 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tools
[2012.02.16 06:44:02 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.16 06:44:01 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.16 06:44:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.16 06:44:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.16 06:44:00 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.16 06:44:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.16 06:44:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.16 06:43:59 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.16 06:43:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.16 06:43:59 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.16 06:43:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.16 06:29:38 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.13 09:26:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.02.05 19:32:28 | 000,000,000 | ---D | C] -- C:\Users\TimR\Documents\SelfMV
[2012.02.05 17:45:50 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudserd.sys
[2012.02.05 17:45:50 | 000,203,320 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2012.02.05 17:45:50 | 000,098,616 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2012.02.05 17:39:59 | 001,917,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfCoInstaller01005.dll
[2012.02.05 17:39:59 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2012.02.05 17:39:59 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2012.02.05 17:39:58 | 000,177,640 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2012.02.05 17:39:58 | 000,157,672 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2012.02.05 17:39:58 | 000,146,920 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadserd.sys
[2012.02.05 17:39:58 | 000,036,328 | ---- | C] (Google Inc) -- C:\Windows\SysNative\drivers\ssadadb.sys
[2012.02.05 17:39:58 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2012.02.05 17:39:58 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2012.02.05 17:39:58 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2012.01.31 22:17:43 | 000,000,000 | R--D | C] -- C:\Users\TimR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.01 21:56:30 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 21:56:30 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.01 21:33:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.01 17:15:59 | 000,225,280 | ---- | M] () -- C:\Users\TimR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.01 17:00:59 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012.03.01 17:00:59 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012.03.01 17:00:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012.03.01 17:00:59 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012.03.01 16:33:35 | 000,417,440 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.03.01 16:33:35 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.03.01 16:33:28 | 008,756,384 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.03.01 16:09:23 | 000,750,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll
[2012.03.01 16:09:22 | 000,660,368 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012.03.01 16:02:25 | 001,560,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.01 16:02:25 | 000,671,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.01 16:02:25 | 000,632,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.01 16:02:25 | 000,144,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.01 16:02:25 | 000,118,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.01 15:56:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.01 14:01:05 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.01 14:01:05 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.01 14:01:05 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.01 11:35:16 | 000,298,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.01 08:56:29 | 000,029,124 | ---- | M] () -- C:\Users\TimR\Documents\Logs.zip
[2012.02.17 15:48:48 | 000,000,569 | ---- | M] () -- C:\Users\TimR\.jalview_properties
[2012.02.17 15:41:55 | 000,008,158 | ---- | M] () -- C:\Users\TimR\Desktop\mecr1.rar
[2012.02.17 15:33:17 | 000,016,812 | ---- | M] () -- C:\Users\TimR\Desktop\mecA.rar
[2012.02.17 15:17:35 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.01 16:15:08 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.01 11:35:07 | 000,298,472 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.01 05:21:26 | 000,029,124 | ---- | C] () -- C:\Users\TimR\Documents\Logs.zip
[2012.02.17 15:41:55 | 000,008,158 | ---- | C] () -- C:\Users\TimR\Desktop\mecr1.rar
[2012.02.17 15:33:16 | 000,016,812 | ---- | C] () -- C:\Users\TimR\Desktop\mecA.rar
[2012.02.17 15:24:06 | 000,000,569 | ---- | C] () -- C:\Users\TimR\.jalview_properties
[2011.12.05 11:23:16 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.10 17:51:06 | 000,000,680 | ---- | C] () -- C:\Users\TimR\AppData\Local\d3d9caps.dat
[2011.03.10 15:24:13 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.03.10 15:24:13 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.03.10 15:24:13 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.03.10 15:23:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.10 00:19:41 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.12.10 00:19:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.11.12 09:12:38 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010.09.03 17:19:13 | 001,539,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.07 21:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.07.07 20:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.07.07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010.07.07 20:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.07.07 20:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.07.07 20:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.07.07 20:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.05.23 22:25:12 | 000,201,122 | ---- | C] () -- C:\Windows\SysWow64\Cavort10.dll
[2010.05.23 22:25:12 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Unlha.dll
[2010.05.23 22:25:12 | 000,066,113 | ---- | C] () -- C:\Windows\SysWow64\Cavordd.dll
[2010.05.23 22:25:12 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\Cavosysc.dll
[2010.05.23 22:25:07 | 000,000,098 | ---- | C] () -- C:\Windows\twland.ini

< End of report >

rka0 01.03.2012 22:09
Und der Avira-Bericht vor der Reinigung heute mittag:
Code:


Avira AntiVir Premium
Erstellungsdatum der Reportdatei: Donnerstag, 1. März 2012  11:54

Es wird nach 3511092 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Tim Richter
Seriennummer  : 2219046607-PEPWE-0000001
Plattform      : Windows Vista x64
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : SCHWOBB

Versionsinformationen:
BUILD.DAT      : 10.2.0.735    36344 Bytes  25.01.2012 12:44:00
AVSCAN.EXE    : 10.3.0.7      484008 Bytes  29.06.2011 18:42:50
AVSCAN.DLL    : 10.0.5.0      57192 Bytes  29.06.2011 18:42:50
LUKE.DLL      : 10.3.0.5      45416 Bytes  29.06.2011 18:42:50
LUKERES.DLL    : 10.0.0.0      13672 Bytes  08.11.2010 07:26:37
AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  29.06.2011 18:42:50
AVREG.DLL      : 10.3.0.9      88833 Bytes  13.07.2011 05:11:28
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 07:25:40
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 19:07:30
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 07:56:50
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 06:50:47
VBASE004.VDF  : 7.11.21.239    2048 Bytes  01.02.2012 06:50:47
VBASE005.VDF  : 7.11.21.240    2048 Bytes  01.02.2012 06:50:47
VBASE006.VDF  : 7.11.21.241    2048 Bytes  01.02.2012 06:50:47
VBASE007.VDF  : 7.11.21.242    2048 Bytes  01.02.2012 06:50:47
VBASE008.VDF  : 7.11.21.243    2048 Bytes  01.02.2012 06:50:47
VBASE009.VDF  : 7.11.21.244    2048 Bytes  01.02.2012 06:50:47
VBASE010.VDF  : 7.11.21.245    2048 Bytes  01.02.2012 06:50:47
VBASE011.VDF  : 7.11.21.246    2048 Bytes  01.02.2012 06:50:47
VBASE012.VDF  : 7.11.21.247    2048 Bytes  01.02.2012 06:50:47
VBASE013.VDF  : 7.11.22.33  1486848 Bytes  03.02.2012 14:00:16
VBASE014.VDF  : 7.11.22.56    687616 Bytes  03.02.2012 14:00:17
VBASE015.VDF  : 7.11.22.92    178176 Bytes  06.02.2012 06:01:36
VBASE016.VDF  : 7.11.22.154  144896 Bytes  08.02.2012 07:58:25
VBASE017.VDF  : 7.11.22.220  183296 Bytes  13.02.2012 07:12:07
VBASE018.VDF  : 7.11.23.34    202752 Bytes  15.02.2012 05:24:59
VBASE019.VDF  : 7.11.23.98    126464 Bytes  17.02.2012 08:28:53
VBASE020.VDF  : 7.11.23.150  148480 Bytes  20.02.2012 08:28:53
VBASE021.VDF  : 7.11.23.224  172544 Bytes  23.02.2012 06:45:22
VBASE022.VDF  : 7.11.24.52    219648 Bytes  28.02.2012 03:33:38
VBASE023.VDF  : 7.11.24.53      2048 Bytes  28.02.2012 03:33:38
VBASE024.VDF  : 7.11.24.54      2048 Bytes  28.02.2012 03:33:38
VBASE025.VDF  : 7.11.24.55      2048 Bytes  28.02.2012 03:33:38
VBASE026.VDF  : 7.11.24.56      2048 Bytes  28.02.2012 03:33:38
VBASE027.VDF  : 7.11.24.57      2048 Bytes  28.02.2012 03:33:38
VBASE028.VDF  : 7.11.24.58      2048 Bytes  28.02.2012 03:33:38
VBASE029.VDF  : 7.11.24.59      2048 Bytes  28.02.2012 03:33:38
VBASE030.VDF  : 7.11.24.60      2048 Bytes  28.02.2012 03:33:38
VBASE031.VDF  : 7.11.24.94    60928 Bytes  29.02.2012 03:17:05
Engineversion  : 8.2.10.8 
AEVDF.DLL      : 8.1.2.2      106868 Bytes  26.10.2011 05:04:24
AESCRIPT.DLL  : 8.1.4.7      442746 Bytes  26.02.2012 06:45:27
AESCN.DLL      : 8.1.8.2      131444 Bytes  27.01.2012 05:50:33
AESBX.DLL      : 8.2.4.5      434549 Bytes  01.12.2011 19:29:10
AERDL.DLL      : 8.1.9.15      639348 Bytes  09.09.2011 05:01:56
AEPACK.DLL    : 8.2.16.3      799094 Bytes  11.02.2012 07:58:29
AEOFFICE.DLL  : 8.1.2.25      201084 Bytes  30.12.2011 08:46:25
AEHEUR.DLL    : 8.1.4.0      4436342 Bytes  26.02.2012 06:45:27
AEHELP.DLL    : 8.1.19.0      254327 Bytes  20.01.2012 07:26:51
AEGEN.DLL      : 8.1.5.21      409971 Bytes  04.02.2012 14:00:18
AEEXP.DLL      : 8.1.0.23      70005 Bytes  26.02.2012 06:45:27
AEEMU.DLL      : 8.1.3.0      393589 Bytes  27.11.2010 07:24:51
AECORE.DLL    : 8.1.25.4      201079 Bytes  14.02.2012 07:12:08
AEBB.DLL      : 8.1.1.0        53618 Bytes  08.11.2010 07:26:15
AVWINLL.DLL    : 10.0.0.0      19304 Bytes  08.11.2010 07:25:07
AVPREF.DLL    : 10.0.3.2      44904 Bytes  29.06.2011 18:42:50
AVREP.DLL      : 10.0.0.10    174120 Bytes  18.05.2011 04:36:55
AVARKT.DLL    : 10.0.26.1    255336 Bytes  29.06.2011 18:42:50
AVEVTLOG.DLL  : 10.0.0.9      203112 Bytes  29.06.2011 18:42:50
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  08.11.2010 07:26:40
AVSMTP.DLL    : 10.0.0.17      63848 Bytes  08.11.2010 07:26:26
NETNT.DLL      : 10.0.0.0      11624 Bytes  08.11.2010 07:26:37
RCIMAGE.DLL    : 10.0.0.33    2633064 Bytes  29.06.2011 18:42:50
RCTEXT.DLL    : 10.0.63.0      98664 Bytes  29.06.2011 18:42:50

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: löschen
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Donnerstag, 1. März 2012  11:54

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_USERS\S-1-5-21-4223294054-2252070966-736884885-1000\Software\SecuROM\License information\datasecu
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-4223294054-2252070966-736884885-1000\Software\SecuROM\License information\rkeysecu
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\ActiveX\alwaysreclaimassocations
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Apple Computer, Inc.\QuickTime\ActiveX\qttaskrunflags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ATICustomerCare\CatalystRegistration\lastrundate
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ATI Technologies\Install\ATICustomerCare\CatalystRegistration\donotaskagain
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
C:\Program Files (x86)\Dragon Age
C:\Program Files (x86)\Dragon Age
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
C:\Games\Dragon Age Origins Character Creator
C:\Games\Dragon Age Origins Character Creator
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
C:\Games\Mass Effect 2
C:\Games\Mass Effect 2
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\dwwriteporttimeout
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\dwgportmutextimeout
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\debugflags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\ecpenable
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\ecprflag
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\ecpwflag
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\debuglog
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Brother\brlm02a\debuglog
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\DivXNetworks\AutoUpdate\18D10072035C4515918F7E37EAFAACFC\lastmodifieddate
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\DivXNetworks\DivX\7B63B2922B174135AFC0E1377DD81EC2\nextupdate
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
C:\Program Files (x86)\ffdshow
C:\Program Files (x86)\ffdshow
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
C:\Program Files (x86)\ffdshow
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.divxa32\fdwsupport
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.divxa32\cformattags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.divxa32\aformattagcache
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.divxa32\cfiltertags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\fdwsupport
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cformattags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\aformattagcache
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm\cfiltertags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\fdwsupport
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cformattags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\aformattagcache
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm\cfiltertags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\fdwsupport
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cformattags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\aformattagcache
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm\cfiltertags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\fdwsupport
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cformattags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\aformattagcache
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711\cfiltertags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\fdwsupport
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cformattags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\aformattagcache
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610\cfiltertags
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
DllHost.exe
C:\Windows\system32\DllHost.exe
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\DirectDraw\MostRecentApplication\name
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ODBC\ODBC.INI\CARET32\createtype
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
C:\CA_APPSW\c3trn13.dll
C:\CA_APPSW\c3trn13.dll
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
C:\CA_APPSW\c3trn13.dll
C:\CA_APPSW\c3trn13.dll
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\ODBC\ODBC.INI\CARET32\translationname
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\SOLIDSTATENETWORKS\SolidStateSOLO\um
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\version
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\languagefile
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\showintroframe
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winheight
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.
HKEY_CURRENT_USER\Software\Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\TrendMicro\HijackThis\winwidth
  [HINWEIS]  Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '103' Modul(e) wurden durchsucht
Durchsuche Prozess 'GoogleUpdate.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDMedia.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'LCDSirReal.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmplayer.exe' - '88' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTXFISPI.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ctxfihlp.exe' - '58' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'GPU-Z.0.5.9.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'CTAudSvc.exe' - '26' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'E:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '253' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <Windows>
C:\Users\TimR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\5062998-23c07cac
  [0] Archivtyp: ZIP
  --> buildService/MailAgent.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  --> buildService/VirtualTable.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/2010-0840.AO
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 4a28d253.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
C:\Users\TimR\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\1ebc74c7-7870a087
  [0] Archivtyp: ZIP
  --> buildService/MailAgent.class
      [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840
  [HINWEIS]  Eine Sicherungskopie wurde unter dem Namen 528bfdb1.qua erstellt ( QUARANTÄNE )
  [HINWEIS]  Die Datei wurde gelöscht.
Beginne mit der Suche in 'E:\' <Stuff>


Ende des Suchlaufs: Donnerstag, 1. März 2012  13:55
Benötigte Zeit:  2:01:13 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  41188 Verzeichnisse wurden überprüft
 841638 Dateien wurden geprüft
      3 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      2 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      2 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 841635 Dateien ohne Befall
  8174 Archive wurden durchsucht
      0 Warnungen
    56 Hinweise
 1032182 Objekte wurden beim Rootkitscan durchsucht
    58 Versteckte Objekte wurden gefunden

cosinus 02.03.2012 12:49
Zitat:
Ich habe nun Reinigungen mit Avira Premium, Malware Antispyware, TDSS Killer und Super-Antispyware durchgeführt,
Und warum postest du nicht alle Logs

rka0 02.03.2012 16:13
TDSS
Code:
04:31:23.0188 5544        TDSS rootkit removing tool 2.7.17.0 Feb 29 2012 14:02:24
04:31:23.0509 5544        ============================================================
04:31:23.0509 5544        Current date / time: 2012/03/01 04:31:23.0509
04:31:23.0509 5544        SystemInfo:
04:31:23.0509 5544       
04:31:23.0509 5544        OS Version: 6.0.6002 ServicePack: 2.0
04:31:23.0509 5544        Product type: Workstation
04:31:23.0509 5544        ComputerName: SCHWOBB
04:31:23.0510 5544        UserName: TimR
04:31:23.0510 5544        Windows directory: C:\Windows
04:31:23.0510 5544        System windows directory: C:\Windows
04:31:23.0510 5544        Running under WOW64
04:31:23.0510 5544        Processor architecture: Intel x64
04:31:23.0510 5544        Number of processors: 4
04:31:23.0510 5544        Page size: 0x1000
04:31:23.0510 5544        Boot type: Normal boot
04:31:23.0510 5544        ============================================================
04:31:25.0070 5544        Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
04:31:25.0082 5544        \Device\Harddisk0\DR0:
04:31:25.0116 5544        MBR used
04:31:25.0117 5544        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x43D47178
04:31:25.0117 5544        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x43D47800, BlocksNum 0x309BE800
04:31:25.0225 5544        Initialize success
04:31:25.0225 5544        ============================================================
04:31:31.0855 5464        ============================================================
04:31:31.0855 5464        Scan started
04:31:31.0855 5464        Mode: Manual;
04:31:31.0855 5464        ============================================================
04:31:32.0995 5464        ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
04:31:33.0009 5464        ACPI - ok
04:31:33.0127 5464        adp94xx        (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
04:31:33.0140 5464        adp94xx - ok
04:31:33.0180 5464        adpahci        (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
04:31:33.0184 5464        adpahci - ok
04:31:33.0216 5464        adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
04:31:33.0217 5464        adpu160m - ok
04:31:33.0259 5464        adpu320        (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
04:31:33.0261 5464        adpu320 - ok
04:31:33.0394 5464        AFD            (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
04:31:33.0403 5464        AFD - ok
04:31:33.0459 5464        agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
04:31:33.0460 5464        agp440 - ok
04:31:33.0526 5464        aic78xx        (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
04:31:33.0527 5464        aic78xx - ok
04:31:33.0547 5464        aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
04:31:33.0547 5464        aliide - ok
04:31:33.0752 5464        ALSysIO - ok
04:31:33.0851 5464        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
04:31:33.0851 5464        amdide - ok
04:31:33.0919 5464        amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
04:31:33.0920 5464        amdiox64 - ok
04:31:33.0969 5464        AmdK8          (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
04:31:33.0970 5464        AmdK8 - ok
04:31:34.0997 5464        amdkmdag        (322e5c178990f116f00e3d923f4e6b1c) C:\Windows\system32\DRIVERS\atikmdag.sys
04:31:35.0262 5464        amdkmdag - ok
04:31:35.0503 5464        amdkmdap        (961a81a84fdd700e361e8294528a37ba) C:\Windows\system32\DRIVERS\atikmpag.sys
04:31:35.0507 5464        amdkmdap - ok
04:31:35.0608 5464        androidusb      (4de0d5d747a73797c95a97dcce5018b5) C:\Windows\system32\Drivers\ssadadb.sys
04:31:35.0609 5464        androidusb - ok
04:31:35.0853 5464        AODDriver4.01 - ok
04:31:35.0949 5464        arc            (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
04:31:35.0950 5464        arc - ok
04:31:36.0013 5464        arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
04:31:36.0015 5464        arcsas - ok
04:31:36.0017 5464        AsIO - ok
04:31:36.0045 5464        AsUpIO - ok
04:31:36.0105 5464        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
04:31:36.0105 5464        AsyncMac - ok
04:31:36.0144 5464        atapi          (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
04:31:36.0145 5464        atapi - ok
04:31:36.0689 5464        AtiHDAudioService (1a872ab76d00f52643bb0f81792bbf3b) C:\Windows\system32\drivers\AtihdLH6.sys
04:31:36.0689 5464        AtiHDAudioService - ok
04:31:36.0871 5464        AtiHdmiService - ok
04:31:36.0941 5464        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
04:31:36.0943 5464        avgntflt - ok
04:31:37.0000 5464        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
04:31:37.0001 5464        avipbb - ok
04:31:37.0070 5464        blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
04:31:37.0071 5464        blbdrive - ok
04:31:37.0096 5464        bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
04:31:37.0097 5464        bowser - ok
04:31:37.0161 5464        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
04:31:37.0161 5464        BrFiltLo - ok
04:31:37.0193 5464        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
04:31:37.0193 5464        BrFiltUp - ok
04:31:37.0244 5464        Brserid        (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
04:31:37.0244 5464        Brserid - ok
04:31:37.0264 5464        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
04:31:37.0264 5464        BrSerWdm - ok
04:31:37.0293 5464        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
04:31:37.0304 5464        BrUsbMdm - ok
04:31:37.0317 5464        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
04:31:37.0326 5464        BrUsbSer - ok
04:31:37.0356 5464        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
04:31:37.0357 5464        BTHMODEM - ok
04:31:37.0404 5464        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
04:31:37.0405 5464        cdfs - ok
04:31:37.0460 5464        cdrom          (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
04:31:37.0461 5464        cdrom - ok
04:31:37.0498 5464        circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
04:31:37.0499 5464        circlass - ok
04:31:37.0595 5464        CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
04:31:37.0608 5464        CLFS - ok
04:31:37.0687 5464        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
04:31:37.0687 5464        cmdide - ok
04:31:37.0720 5464        Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
04:31:37.0720 5464        Compbatt - ok
04:31:37.0742 5464        crcdisk        (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
04:31:37.0743 5464        crcdisk - ok
04:31:37.0869 5464        CT20XUT        (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\system32\drivers\CT20XUT.SYS
04:31:37.0871 5464        CT20XUT - ok
04:31:37.0917 5464        CT20XUT.SYS    (148c9c111291c41d6b2abfb6fbb43856) C:\Windows\System32\drivers\CT20XUT.SYS
04:31:37.0919 5464        CT20XUT.SYS - ok
04:31:38.0016 5464        ctac32k        (397fbd4454e5b2fb77e55d1013df548c) C:\Windows\system32\drivers\ctac32k.sys
04:31:38.0022 5464        ctac32k - ok
04:31:38.0176 5464        ctaud2k        (50a8cd4df066fe57d0c473a2645988cc) C:\Windows\system32\drivers\ctaud2k.sys
04:31:38.0192 5464        ctaud2k - ok
04:31:38.0288 5464        CTEXFIFX        (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\system32\drivers\CTEXFIFX.SYS
04:31:38.0319 5464        CTEXFIFX - ok
04:31:38.0393 5464        CTEXFIFX.SYS    (6f9c3c6c78f5296f4bc7102fb0f7cb65) C:\Windows\System32\drivers\CTEXFIFX.SYS
04:31:38.0403 5464        CTEXFIFX.SYS - ok
04:31:38.0474 5464        CTHWIUT        (ae78ca7ee865a28ac841211db655acf3) C:\Windows\system32\drivers\CTHWIUT.SYS
04:31:38.0475 5464        CTHWIUT - ok
04:31:38.0493 5464        CTHWIUT.SYS    (ae78ca7ee865a28ac841211db655acf3) C:\Windows\System32\drivers\CTHWIUT.SYS
04:31:38.0494 5464        CTHWIUT.SYS - ok
04:31:38.0540 5464        ctprxy2k        (757776e207ca5e71e4a16bd1260ae1f2) C:\Windows\system32\drivers\ctprxy2k.sys
04:31:38.0540 5464        ctprxy2k - ok
04:31:38.0621 5464        ctsfm2k        (9b111ee2f488a8d9c21a13ed4c777795) C:\Windows\system32\drivers\ctsfm2k.sys
04:31:38.0635 5464        ctsfm2k - ok
04:31:38.0762 5464        DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
04:31:38.0763 5464        DfsC - ok
04:31:38.0896 5464        dg_ssudbus      (388039f99ce8769024ee0438352aca99) C:\Windows\system32\DRIVERS\ssudbus.sys
04:31:38.0897 5464        dg_ssudbus - ok
04:31:38.0975 5464        disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
04:31:38.0976 5464        disk - ok
04:31:39.0051 5464        drmkaud        (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
04:31:39.0052 5464        drmkaud - ok
04:31:39.0256 5464        DXGKrnl        (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
04:31:39.0270 5464        DXGKrnl - ok
04:31:39.0334 5464        E1G60          (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
04:31:39.0335 5464        E1G60 - ok
04:31:39.0375 5464        Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
04:31:39.0377 5464        Ecache - ok
04:31:39.0462 5464        elxstor        (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
04:31:39.0479 5464        elxstor - ok
04:31:39.0558 5464        emupia          (683dcaf0d4efc3f95a32e8924849202d) C:\Windows\system32\drivers\emupia2k.sys
04:31:39.0559 5464        emupia - ok
04:31:39.0613 5464        ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
04:31:39.0613 5464        ErrDev - ok
04:31:39.0685 5464        exfat          (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
04:31:39.0687 5464        exfat - ok
04:31:39.0746 5464        fastfat        (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
04:31:39.0759 5464        fastfat - ok
04:31:39.0785 5464        fdc            (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
04:31:39.0786 5464        fdc - ok
04:31:39.0821 5464        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
04:31:39.0822 5464        FileInfo - ok
04:31:39.0846 5464        Filetrace      (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
04:31:39.0846 5464        Filetrace - ok
04:31:39.0878 5464        flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
04:31:39.0878 5464        flpydisk - ok
04:31:39.0935 5464        FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
04:31:39.0943 5464        FltMgr - ok
04:31:39.0988 5464        Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
04:31:39.0989 5464        Fs_Rec - ok
04:31:40.0019 5464        gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
04:31:40.0019 5464        gagp30kx - ok
04:31:40.0214 5464        GPU-Z - ok
04:31:40.0390 5464        ha20x22k        (076f366b87575adc7d152c7a34acb3dc) C:\Windows\system32\drivers\ha20x22k.sys
04:31:40.0424 5464        ha20x22k - ok
04:31:40.0614 5464        ha20x2k        (4a7533eb52dc9d1847e7f78dee1ce322) C:\Windows\system32\drivers\ha20x2k.sys
04:31:40.0640 5464        ha20x2k - ok
04:31:40.0770 5464        HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
04:31:40.0785 5464        HdAudAddService - ok
04:31:40.0896 5464        HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
04:31:40.0910 5464        HDAudBus - ok
04:31:40.0971 5464        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
04:31:40.0972 5464        HidBth - ok
04:31:41.0002 5464        HidIr          (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
04:31:41.0002 5464        HidIr - ok
04:31:41.0062 5464        HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
04:31:41.0063 5464        HidUsb - ok
04:31:41.0120 5464        HpCISSs        (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
04:31:41.0121 5464        HpCISSs - ok
04:31:41.0240 5464        HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
04:31:41.0255 5464        HTTP - ok
04:31:41.0300 5464        i2omp          (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
04:31:41.0300 5464        i2omp - ok
04:31:41.0354 5464        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
04:31:41.0354 5464        i8042prt - ok
04:31:41.0427 5464        iaStorV        (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
04:31:41.0436 5464        iaStorV - ok
04:31:41.0501 5464        iirsp          (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
04:31:41.0502 5464        iirsp - ok
04:31:41.0567 5464        intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
04:31:41.0567 5464        intelide - ok
04:31:41.0595 5464        intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
04:31:41.0596 5464        intelppm - ok
04:31:41.0650 5464        IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
04:31:41.0651 5464        IpFilterDriver - ok
04:31:41.0701 5464        IpInIp - ok
04:31:41.0760 5464        IPMIDRV        (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
04:31:41.0761 5464        IPMIDRV - ok
04:31:41.0822 5464        IPNAT          (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
04:31:41.0823 5464        IPNAT - ok
04:31:41.0851 5464        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
04:31:41.0851 5464        IRENUM - ok
04:31:42.0080 5464        isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
04:31:42.0080 5464        isapnp - ok
04:31:42.0150 5464        iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
04:31:42.0154 5464        iScsiPrt - ok
04:31:42.0182 5464        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
04:31:42.0183 5464        iteatapi - ok
04:31:42.0242 5464        iteraid        (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
04:31:42.0242 5464        iteraid - ok
04:31:42.0269 5464        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
04:31:42.0269 5464        kbdclass - ok
04:31:42.0326 5464        kbdhid          (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
04:31:42.0326 5464        kbdhid - ok
04:31:42.0446 5464        KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
04:31:42.0455 5464        KSecDD - ok
04:31:42.0477 5464        ksthunk        (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
04:31:42.0485 5464        ksthunk - ok
04:31:42.0561 5464        LGBusEnum      (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
04:31:42.0562 5464        LGBusEnum - ok
04:31:42.0742 5464        LGDDCDevice    (3522649f3714b1c2bfddb1c611556317) C:\Program Files (x86)\forteManager\bin\I2CDriver.sys
04:31:42.0749 5464        LGDDCDevice - ok
04:31:42.0779 5464        LGII2CDevice    (722fef6f2f790cbad480578fa4df2158) C:\Program Files (x86)\forteManager\bin\PII2CDriver.sys
04:31:42.0790 5464        LGII2CDevice - ok
04:31:42.0857 5464        LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
04:31:42.0857 5464        LGVirHid - ok
04:31:42.0973 5464        LHidFilt        (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
04:31:42.0973 5464        LHidFilt - ok
04:31:42.0986 5464        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
04:31:42.0987 5464        lltdio - ok
04:31:43.0034 5464        LMouFilt        (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
04:31:43.0035 5464        LMouFilt - ok
04:31:43.0068 5464        LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
04:31:43.0069 5464        LSI_FC - ok
04:31:43.0085 5464        LSI_SAS        (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
04:31:43.0086 5464        LSI_SAS - ok
04:31:43.0113 5464        LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
04:31:43.0114 5464        LSI_SCSI - ok
04:31:43.0141 5464        luafv          (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
04:31:43.0142 5464        luafv - ok
04:31:43.0215 5464        LUsbFilt        (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
04:31:43.0216 5464        LUsbFilt - ok
04:31:43.0269 5464        megasas        (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
04:31:43.0270 5464        megasas - ok
04:31:43.0358 5464        MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
04:31:43.0374 5464        MegaSR - ok
04:31:43.0441 5464        Modem          (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
04:31:43.0442 5464        Modem - ok
04:31:43.0504 5464        monitor        (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
04:31:43.0504 5464        monitor - ok
04:31:43.0517 5464        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
04:31:43.0518 5464        mouclass - ok
04:31:43.0577 5464        mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
04:31:43.0578 5464        mouhid - ok
04:31:43.0614 5464        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
04:31:43.0615 5464        MountMgr - ok
04:31:43.0650 5464        mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
04:31:43.0652 5464        mpio - ok
04:31:43.0709 5464        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
04:31:43.0709 5464        mpsdrv - ok
04:31:43.0751 5464        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
04:31:43.0751 5464        Mraid35x - ok
04:31:43.0792 5464        MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
04:31:43.0794 5464        MRxDAV - ok
04:31:43.0852 5464        mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
04:31:43.0853 5464        mrxsmb - ok
04:31:43.0947 5464        mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
04:31:43.0954 5464        mrxsmb10 - ok
04:31:43.0989 5464        mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
04:31:43.0991 5464        mrxsmb20 - ok
04:31:44.0037 5464        msahci          (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
04:31:44.0037 5464        msahci - ok
04:31:44.0073 5464        msdsm          (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
04:31:44.0074 5464        msdsm - ok
04:31:44.0121 5464        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
04:31:44.0122 5464        Msfs - ok
04:31:44.0180 5464        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
04:31:44.0180 5464        msisadrv - ok
04:31:44.0236 5464        MSKSSRV        (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
04:31:44.0237 5464        MSKSSRV - ok
04:31:44.0261 5464        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
04:31:44.0274 5464        MSPCLOCK - ok
04:31:44.0293 5464        MSPQM          (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
04:31:44.0306 5464        MSPQM - ok
04:31:44.0385 5464        MsRPC          (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
04:31:44.0400 5464        MsRPC - ok
04:31:44.0430 5464        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
04:31:44.0431 5464        mssmbios - ok
04:31:44.0485 5464        MSTEE          (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
04:31:44.0495 5464        MSTEE - ok
04:31:44.0539 5464        MTsensor        (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
04:31:44.0539 5464        MTsensor - ok
04:31:44.0564 5464        Mup            (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
04:31:44.0565 5464        Mup - ok
04:31:44.0634 5464        NativeWifiP    (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
04:31:44.0636 5464        NativeWifiP - ok
04:31:44.0715 5464        NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
04:31:44.0730 5464        NDIS - ok
04:31:44.0767 5464        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
04:31:44.0768 5464        NdisTapi - ok
04:31:44.0823 5464        Ndisuio        (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
04:31:44.0823 5464        Ndisuio - ok
04:31:44.0863 5464        NdisWan        (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
04:31:44.0864 5464        NdisWan - ok
04:31:44.0903 5464        NDProxy        (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
04:31:44.0904 5464        NDProxy - ok
04:31:44.0947 5464        NetBIOS        (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
04:31:44.0948 5464        NetBIOS - ok
04:31:44.0991 5464        netbt          (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
04:31:44.0994 5464        netbt - ok
04:31:45.0038 5464        nfrd960        (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
04:31:45.0039 5464        nfrd960 - ok
04:31:45.0090 5464        nmwcdcx64 - ok
04:31:45.0141 5464        nmwcdnsucx64 - ok
04:31:45.0157 5464        nmwcdnsux64 - ok
04:31:45.0185 5464        nmwcdx64 - ok
04:31:45.0277 5464        NPF            (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys
04:31:45.0278 5464        NPF - ok
04:31:45.0304 5464        Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
04:31:45.0306 5464        Npfs - ok
04:31:45.0353 5464        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
04:31:45.0354 5464        nsiproxy - ok
04:31:45.0568 5464        Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
04:31:45.0588 5464        Ntfs - ok
04:31:45.0614 5464        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
04:31:45.0614 5464        Null - ok
04:31:45.0690 5464        NVNET          (dcfbd407e8aa648832cc214343c943fa) C:\Windows\system32\DRIVERS\nvmfdx64.sys
04:31:45.0693 5464        NVNET - ok
04:31:45.0768 5464        nvsmu          (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
04:31:45.0769 5464        nvsmu - ok
04:31:45.0820 5464        nvstor64        (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
04:31:45.0822 5464        nvstor64 - ok
04:31:45.0830 5464        NwlnkFlt - ok
04:31:45.0867 5464        NwlnkFwd - ok
04:31:45.0967 5464        ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
04:31:45.0968 5464        ohci1394 - ok
04:31:46.0028 5464        ossrv          (a29a80a1cf63d0dc27eefcaf27d34664) C:\Windows\system32\drivers\ctoss2k.sys
04:31:46.0030 5464        ossrv - ok
04:31:46.0067 5464        Parport        (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
04:31:46.0068 5464        Parport - ok
04:31:46.0103 5464        partmgr        (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
04:31:46.0104 5464        partmgr - ok
04:31:46.0216 5464        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
04:31:46.0217 5464        pccsmcfd - ok
04:31:46.0254 5464        pci            (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
04:31:46.0256 5464        pci - ok
04:31:46.0310 5464        pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
04:31:46.0311 5464        pciide - ok
04:31:46.0374 5464        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
04:31:46.0376 5464        pcmcia - ok
04:31:46.0510 5464        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
04:31:46.0518 5464        PEAUTH - ok
04:31:46.0598 5464        PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
04:31:46.0599 5464        PptpMiniport - ok
04:31:46.0645 5464        Processor      (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
04:31:46.0646 5464        Processor - ok
04:31:46.0719 5464        PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
04:31:46.0720 5464        PSched - ok
04:31:46.0862 5464        ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
04:31:46.0896 5464        ql2300 - ok
04:31:46.0934 5464        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
04:31:46.0935 5464        ql40xx - ok
04:31:46.0968 5464        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
04:31:46.0969 5464        QWAVEdrv - ok
04:31:47.0035 5464        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
04:31:47.0036 5464        RasAcd - ok
04:31:47.0079 5464        Rasl2tp        (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
04:31:47.0080 5464        Rasl2tp - ok
04:31:47.0121 5464        RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
04:31:47.0122 5464        RasPppoe - ok
04:31:47.0174 5464        RasSstp        (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
04:31:47.0175 5464        RasSstp - ok
04:31:47.0245 5464        rdbss          (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
04:31:47.0251 5464        rdbss - ok
04:31:47.0264 5464        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
04:31:47.0265 5464        RDPCDD - ok
04:31:47.0317 5464        rdpdr          (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
04:31:47.0328 5464        rdpdr - ok
04:31:47.0356 5464        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
04:31:47.0356 5464        RDPENCDD - ok
04:31:47.0412 5464        RDPWD          (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
04:31:47.0427 5464        RDPWD - ok
04:31:47.0475 5464        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
04:31:47.0476 5464        rspndr - ok
04:31:47.0521 5464        sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
04:31:47.0522 5464        sbp2port - ok
04:31:47.0720 5464        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
04:31:47.0720 5464        secdrv - ok
04:31:47.0796 5464        Serenum        (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
04:31:47.0797 5464        Serenum - ok
04:31:47.0855 5464        Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
04:31:47.0855 5464        Serial - ok
04:31:47.0876 5464        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
04:31:47.0876 5464        sermouse - ok
04:31:47.0910 5464        sffdisk        (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
04:31:47.0910 5464        sffdisk - ok
04:31:47.0976 5464        sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
04:31:47.0976 5464        sffp_mmc - ok
04:31:48.0003 5464        sffp_sd        (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
04:31:48.0003 5464        sffp_sd - ok
04:31:48.0029 5464        sfloppy        (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
04:31:48.0030 5464        sfloppy - ok
04:31:48.0057 5464        SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
04:31:48.0057 5464        SiSRaid2 - ok
04:31:48.0089 5464        SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
04:31:48.0089 5464        SiSRaid4 - ok
04:31:48.0158 5464        Smb            (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
04:31:48.0159 5464        Smb - ok
04:31:48.0206 5464        speedfan - ok
04:31:48.0247 5464        spldr          (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
04:31:48.0247 5464        spldr - ok
04:31:48.0349 5464        srv            (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
04:31:48.0355 5464        srv - ok
04:31:48.0419 5464        srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
04:31:48.0421 5464        srv2 - ok
04:31:48.0492 5464        srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
04:31:48.0494 5464        srvnet - ok
04:31:48.0595 5464        ssadbus        (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys
04:31:48.0596 5464        ssadbus - ok
04:31:48.0671 5464        ssadmdfl        (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys
04:31:48.0671 5464        ssadmdfl - ok
04:31:48.0725 5464        ssadmdm        (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys
04:31:48.0726 5464        ssadmdm - ok
04:31:48.0785 5464        ssadserd        (d33d1bd3ec0e766211a234f56a12726d) C:\Windows\system32\DRIVERS\ssadserd.sys
04:31:48.0787 5464        ssadserd - ok
04:31:48.0855 5464        sscdbus        (ed161b91fdf7eaa39469d72d463d5f4e) C:\Windows\system32\DRIVERS\sscdbus.sys
04:31:48.0856 5464        sscdbus - ok
04:31:48.0943 5464        sscdmdfl        (4cb09e77593dbd8d7af33b37375ca715) C:\Windows\system32\DRIVERS\sscdmdfl.sys
04:31:48.0943 5464        sscdmdfl - ok
04:31:49.0022 5464        sscdmdm        (c7b4cf53497a6e5363f3439427663882) C:\Windows\system32\DRIVERS\sscdmdm.sys
04:31:49.0024 5464        sscdmdm - ok
04:31:49.0096 5464        ssudmdm        (ad42ca614e086bcadbd53fffc404ac24) C:\Windows\system32\DRIVERS\ssudmdm.sys
04:31:49.0098 5464        ssudmdm - ok
04:31:49.0199 5464        ssudserd        (f7747cf40af99af3b5807c8e9f337f58) C:\Windows\system32\DRIVERS\ssudserd.sys
04:31:49.0201 5464        ssudserd - ok
04:31:49.0243 5464        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
04:31:49.0244 5464        swenum - ok
04:31:49.0272 5464        Symc8xx        (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
04:31:49.0273 5464        Symc8xx - ok
04:31:49.0296 5464        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
04:31:49.0297 5464        Sym_hi - ok
04:31:49.0325 5464        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
04:31:49.0326 5464        Sym_u3 - ok
04:31:49.0477 5464        Tcpip          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
04:31:49.0503 5464        Tcpip - ok
04:31:49.0555 5464        Tcpip6          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
04:31:49.0572 5464        Tcpip6 - ok
04:31:49.0638 5464        tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
04:31:49.0639 5464        tcpipreg - ok
04:31:49.0656 5464        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
04:31:49.0656 5464        TDPIPE - ok
04:31:49.0677 5464        TDTCP          (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
04:31:49.0678 5464        TDTCP - ok
04:31:49.0732 5464        tdx            (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
04:31:49.0733 5464        tdx - ok
04:31:49.0783 5464        TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
04:31:49.0784 5464        TermDD - ok
04:31:49.0838 5464        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
04:31:49.0839 5464        tssecsrv - ok
04:31:49.0865 5464        tunmp          (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
04:31:49.0865 5464        tunmp - ok
04:31:49.0928 5464        tunnel          (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
04:31:49.0928 5464        tunnel - ok
04:31:49.0964 5464        uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
04:31:49.0965 5464        uagp35 - ok
04:31:50.0058 5464        udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
04:31:50.0074 5464        udfs - ok
04:31:50.0113 5464        uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
04:31:50.0114 5464        uliagpkx - ok
04:31:50.0178 5464        uliahci        (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
04:31:50.0181 5464        uliahci - ok
04:31:50.0242 5464        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
04:31:50.0244 5464        UlSata - ok
04:31:50.0295 5464        ulsata2        (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
04:31:50.0296 5464        ulsata2 - ok
04:31:50.0340 5464        umbus          (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
04:31:50.0341 5464        umbus - ok
04:31:50.0395 5464        upperdev - ok
04:31:50.0465 5464        usbccgp        (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
04:31:50.0466 5464        usbccgp - ok
04:31:50.0492 5464        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
04:31:50.0493 5464        usbcir - ok
04:31:50.0521 5464        usbehci        (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
04:31:50.0522 5464        usbehci - ok
04:31:50.0591 5464        usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
04:31:50.0604 5464        usbhub - ok
04:31:50.0620 5464        usbohci        (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
04:31:50.0621 5464        usbohci - ok
04:31:50.0672 5464        usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
04:31:50.0673 5464        usbprint - ok
04:31:50.0745 5464        usbscan        (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
04:31:50.0745 5464        usbscan - ok
04:31:50.0761 5464        UsbserFilt - ok
04:31:50.0816 5464        USBSTOR        (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
04:31:50.0817 5464        USBSTOR - ok
04:31:50.0895 5464        usbuhci        (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
04:31:50.0895 5464        usbuhci - ok
04:31:50.0931 5464        vga            (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
04:31:50.0931 5464        vga - ok
04:31:50.0946 5464        VgaSave        (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
04:31:50.0947 5464        VgaSave - ok
04:31:50.0975 5464        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
04:31:50.0976 5464        viaide - ok
04:31:51.0024 5464        volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
04:31:51.0025 5464        volmgr - ok
04:31:51.0145 5464        volmgrx        (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
04:31:51.0150 5464        volmgrx - ok
04:31:51.0211 5464        volsnap        (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
04:31:51.0213 5464        volsnap - ok
04:31:51.0278 5464        vsmraid        (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
04:31:51.0280 5464        vsmraid - ok
04:31:51.0338 5464        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
04:31:51.0352 5464        WacomPen - ok
04:31:51.0381 5464        Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
04:31:51.0382 5464        Wanarp - ok
04:31:51.0392 5464        Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
04:31:51.0393 5464        Wanarpv6 - ok
04:31:51.0450 5464        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
04:31:51.0451 5464        Wd - ok
04:31:51.0498 5464        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
04:31:51.0506 5464        Wdf01000 - ok
04:31:51.0559 5464        WmiAcpi        (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
04:31:51.0560 5464        WmiAcpi - ok
04:31:51.0644 5464        WpdUsb          (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
04:31:51.0645 5464        WpdUsb - ok
04:31:51.0697 5464        ws2ifsl        (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
04:31:51.0697 5464        ws2ifsl - ok
04:31:51.0746 5464        WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
04:31:51.0748 5464        WudfPf - ok
04:31:51.0805 5464        WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
04:31:51.0806 5464        WUDFRd - ok
04:31:51.0852 5464        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
04:31:51.0909 5464        \Device\Harddisk0\DR0 - ok
04:31:51.0912 5464        Boot (0x1200)  (3f94bb9feac5e0e9beb6b1895d1794fe) \Device\Harddisk0\DR0\Partition0
04:31:51.0913 5464        \Device\Harddisk0\DR0\Partition0 - ok
04:31:51.0944 5464        Boot (0x1200)  (4a3794e78f3558b18df7105a1fd3d8da) \Device\Harddisk0\DR0\Partition1
04:31:51.0975 5464        \Device\Harddisk0\DR0\Partition1 - ok
04:31:51.0975 5464        ============================================================
04:31:51.0975 5464        Scan finished
04:31:51.0975 5464        ============================================================
04:31:51.0986 2340        Detected object count: 0
04:31:51.0986 2340        Actual detected object count: 0
04:31:54.0994 3832        Deinitialize success
MBAM
Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.29.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
TimR :: SCHWOBB [Administrator]

01.03.2012 05:24:18
mbam-log-2012-03-01 (07-02-43) II

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 444224
Laufzeit: 1 Stunde(n), 11 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
E:\Downloads\dsrecorder.3.2.exe (Rogue.BoanK) -> Keine Aktion durchgeführt.

(Ende)
Dem dsrecorder.3.2.exe habe ich einfach gelöscht. Hatte ich mal runtergeladen. Danach gabs auch keine Meldung mehr.
Das SAS Log ist komischerweise nicht mehr aufrufbar.

cosinus 02.03.2012 17:52
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Außerdem fehlen noch die Logs von SASW und Avira AntiVir

rka0 02.03.2012 19:56
Hi.
Den Avira-Log findest Du hier:
http://www.trojaner-board.de/110667-...tml#post783517
Ist der vierte Post (mein dritter).

MBAM zeigt mir merkwürdigerweise keine Logdateien mehr an im Reiter "logdateien".
Ich habe noch diese beiden hier manuell gespeichert:
MBAM #1 Quickscan vor Reinigung:
Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7950

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

01.03.2012 04:13:09
mbam-log-2012-03-01 (04-13-06).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 183062
Laufzeit: 1 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\TimR\AppData\Roaming\microsoft\torrent.exe (Backdoor.Messa) -> No action taken.
und dann einige Stunden später:

Code:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.29.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
TimR :: SCHWOBB [Administrator]

01.03.2012 05:24:18
mbam-log-2012-03-01 (07-02-43) II

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 444224
Laufzeit: 1 Stunde(n), 11 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
E:\Downloads\dsrecorder.3.2.exe (Rogue.BoanK) -> Keine Aktion durchgeführt.

(Ende)
Und hier ein einziger SAS-Log, den ich manuell gespeichert hab. Auch hier zeigt mir SAS keine Logs mehr :(
SAS nach Reinigung:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/01/2012 at 07:08 AM

Application Version : 5.0.1144

Core Rules Database Version : 8292
Trace Rules Database Version: 6104

Scan type      : Custom Scan
Total Scan Time : 00:04:14

Operating System Information
Windows Vista Home Premium 64-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User

Memory items scanned      : 679
Memory threats detected  : 0
Registry items scanned    : 64926
Registry threats detected : 0
File items scanned        : 10251
File threats detected    : 0
Danke!

cosinus 05.03.2012 10:30
Zitat:
E:\Downloads\dsrecorder.3.2.exe (Rogue.BoanK)
Was soll das sein?
Der normale Modus funktioniert wieder uneingeschränkt?

rka0 05.03.2012 17:59
Evtl. Fehlalarm?
Das ist ein programm ähnlich wie camtasia zur Aufnahme von Streams von Sytexis.
Ich hatte es nach der Warnung einfach gelöscht. Seitdem keine weitere Meldung.
Und der normale Modus funktioniert wieder uneingeschränkt. Danke!

cosinus 05.03.2012 19:07
Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


rka0 05.03.2012 23:46
Entweder es ist alles kaputt, oder lauter Fehlalarme.
Die angeblich kompromittierten Dateien sind alles ganz normale Tools, die ich vornehmlich über chip.de besorgt habe:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=49322c8e80ddae4387d4585141b07ad3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-03-05 10:40:54
# local_time=2012-03-05 11:40:54 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 41780427 41780427 0 0
# compatibility_mode=5892 16776574 100 56 55829099 168502051 0 0
# compatibility_mode=8192 67108863 100 0 3723 3723 0 0
# scanned=264102
# found=6
# cleaned=0
# scan_time=9108
C:\ProgramData\VistaCodecs\{F4D16C8C-2AAC-4F3F-B6EF-1EB551272ED4}\Vista Codec Package.msi        Win32/Packed.Autoit.E.Gen application (unable to clean)        00000000000000000000000000000000        I
C:\Users\All Users\VistaCodecs\{F4D16C8C-2AAC-4F3F-B6EF-1EB551272ED4}\Vista Codec Package.msi        Win32/Packed.Autoit.E.Gen application (unable to clean)        00000000000000000000000000000000        I
E:\Downloads\SoftonicDownloader57865.exe        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I
E:\Downloads\winamp5621_full_emusic-7plus_all.exe        Win32/OpenCandy application (unable to clean)        00000000000000000000000000000000        I
E:\Downloads\YouTubeDownloaderSetup33.exe        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
E:\Downloads\YouTubeDownloaderSetup35.exe        probably a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
WinAmp und Vistacodecs beispielsweise sind ja nicht gerade bekannt als infektiös :(

cosinus 06.03.2012 12:57
Zitat:
E:\Downloads\SoftonicDownloader57865.exe
Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

rka0 06.03.2012 18:49
Ich hab ehrlich gesagt auch keine Ahnung, woher dieser Softonic Downloader kommt. Das Programm, das er downloaden soll, kenne ich nicht (MUGEN, irgendso ein Kampfspiel). Sehr merkwürdig.
Anyway, hier der aktuelle OTL-Log:
Und mal wieder Danke!

OTL Logfile:
Code:
OTL logfile created on: 06.03.2012 18:38:04 - Run 3
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\TimR\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 56,55% Memory free
8,20 Gb Paging File | 6,04 Gb Available in Paging File | 73,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 542,64 Gb Total Space | 334,16 Gb Free Space | 61,58% Space Free | Partition Type: NTFS
Drive E: | 388,87 Gb Total Space | 139,47 Gb Free Space | 35,87% Space Free | Partition Type: NTFS
 
Computer Name: SCHWOBB | User Name: TimR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.01 04:27:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\TimR\Desktop\OTL.exe
PRC - [2012.02.24 14:02:30 | 001,294,904 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2012.02.24 14:02:28 | 000,656,440 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\sua.exe
PRC - [2012.02.16 16:11:52 | 001,019,872 | ---- | M] (techPowerUp (www.techpowerup.com)) -- C:\Program Files (x86)\GPUZ\GPU-Z.0.5.9.exe
PRC - [2011.06.29 19:42:50 | 000,428,200 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2011.06.29 19:42:50 | 000,340,136 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.06.29 19:42:50 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 19:47:30 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.08 08:26:23 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.13 14:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.07.07 20:33:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.07.07 20:27:16 | 001,268,224 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2010.07.05 16:17:16 | 000,191,488 | ---- | M] () -- C:\Users\TimR\Documents\LCDSirReal\LCDSirReal.exe
PRC - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.07.05 16:17:16 | 000,191,488 | ---- | M] () -- C:\Users\TimR\Documents\LCDSirReal\LCDSirReal.exe
MOD - [2009.06.29 10:54:08 | 000,164,864 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2007.09.13 18:05:22 | 000,002,560 | ---- | M] () -- C:\Windows\SysWOW64\CTXFIGER.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.11.10 04:11:32 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.03.01 16:33:35 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.02.24 14:02:30 | 001,294,904 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.02.24 14:02:28 | 000,656,440 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.25 21:14:28 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files (x86)\ATI\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files (x86)\SAS\SASCORE64.EXE -- (!SASCORE)
SRV - [2011.06.29 19:42:50 | 000,428,200 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.06.29 19:42:50 | 000,340,136 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.06.29 19:42:50 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 19:47:30 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.12.10 00:42:29 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.12.10 00:23:18 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.12.15 21:07:16 | 000,025,832 | ---- | M] (BioWare) [Auto | Running] -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.16 15:20:10 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudserd.sys -- (ssudserd) SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:38 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudmdm.sys -- (ssudmdm) SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:38 | 000,098,616 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV:64bit: - [2011.12.08 05:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.12.08 05:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011.12.08 05:22:28 | 000,146,920 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadserd.sys -- (ssadserd) SAMSUNG Android USB Diagnostic Serial Port (WDM)
DRV:64bit: - [2011.12.08 05:22:28 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2011.12.08 05:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011.11.10 04:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.11.10 03:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.10.17 18:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.06.29 19:42:50 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.29 19:42:50 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.12.21 06:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 06:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.12.21 06:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.07.07 22:21:18 | 001,612,888 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x22k.sys -- (ha20x22k)
DRV:64bit: - [2010.07.07 22:21:06 | 001,567,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.07.07 22:20:56 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.07.07 22:20:48 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.07.07 22:20:40 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.07.07 22:16:32 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.07.07 22:16:24 | 000,697,816 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.07.07 22:16:14 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.07.07 22:16:06 | 001,445,976 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.SYS -- (CTEXFIFX)
DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV:64bit: - [2010.07.07 22:15:56 | 000,095,320 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.SYS -- (CTHWIUT)
DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV:64bit: - [2010.07.07 22:15:50 | 000,230,488 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.SYS -- (CT20XUT)
DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.23 16:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 16:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.06.17 17:54:46 | 000,040,976 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys -- (LUsbFilt)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2005.03.29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ASACPI.sys -- (MTsensor)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SAS\SASDIFSV64.SYS -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files (x86)\SAS\SASKUTIL64.SYS -- (SASKUTIL)
DRV - [2008.08.08 13:52:48 | 000,017,408 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008.08.08 13:52:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2007.02.07 19:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alternate.net [binary data]
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/ [binary data]
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EB F2 93 D9 5A EE CC 01  [binary data]
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-4223294054-2252070966-736884885-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_221.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20120217-1212: C:\Program Files (x86)\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_221.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll File not found
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
 
 
 
O1 HOSTS File: ([2011.03.13 15:15:23 | 000,431,157 | R--- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 14842 more lines...
O2:64bit: - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files (x86)\Logitech\SetPoint\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\11-12\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun =  [binary data]
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.50.140.116 195.50.140.180
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6659378C-9D4A-4D5D-882C-148AEC3A7B09}: DhcpNameServer = 195.50.140.116 195.50.140.180
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Winter Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Winter Leaves.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.06.25 20:18:54 | 000,000,035 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\AutoRun\command - "" = G:\jeti\\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\explore\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\install\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{3dabfe2f-52b5-11df-bb5b-00261822e3e6}\Shell\open\command - "" = G:\jeti\sumadinac.exe
O33 - MountPoints2\{6422d340-9cc8-11df-91e9-00261822e3e6}\Shell\AutoRun\command - "" = F:\shelexec.exe .\Vaillant\index.htm
O33 - MountPoints2\{9096f5b5-e885-11de-8e98-00261822e3e6}\Shell - "" = AutoRun
O33 - MountPoints2\{9096f5b5-e885-11de-8e98-00261822e3e6}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{d658de6e-a9f3-11de-96c7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d658de6e-a9f3-11de-96c7-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: !SASCORE - C:\Program Files (x86)\SAS\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: !SASCORE - C:\Program Files (x86)\SAS\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3F378912-0B00-B4FB-BDCC-6F452B2D6A59} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.06 18:26:14 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\TimR\Desktop\OTL.exe
[2012.03.03 00:45:13 | 000,000,000 | ---D | C] -- C:\ProgramData\YouTube Downloader
[2012.03.03 00:45:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader
[2012.03.01 22:27:24 | 000,000,000 | R--D | C] -- C:\Users\TimR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.03.01 22:22:58 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Trillian
[2012.03.01 17:13:02 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\vlc
[2012.03.01 17:11:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VLC
[2012.03.01 17:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.03.01 17:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.03.01 16:24:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.03.01 16:19:24 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\Secunia PSI
[2012.03.01 16:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012.03.01 16:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2012.03.01 11:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SAS
[2012.03.01 04:45:18 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\SUPERAntiSpyware.com
[2012.03.01 04:44:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.03.01 04:44:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SuperAntiSpyware
[2012.03.01 04:24:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java(0)
[2012.02.17 20:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2012.02.17 15:17:56 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\LogiShrd
[2012.02.17 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2012.02.17 15:13:47 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Logitech
[2012.02.17 15:13:47 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Logishrd
[2012.02.17 08:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.02.17 08:53:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.02.17 08:52:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2012.02.17 07:55:20 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.17 07:49:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.02.17 07:49:35 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Roaming\Origin
[2012.02.17 07:49:15 | 000,000,000 | ---D | C] -- C:\Users\TimR\AppData\Local\Origin
[2012.02.17 07:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.02.16 16:28:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\xp-AntiSpy
[2012.02.13 09:26:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.02.05 19:32:28 | 000,000,000 | ---D | C] -- C:\Users\TimR\Documents\SelfMV
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.06 18:33:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.06 18:26:01 | 001,560,144 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.06 18:26:01 | 000,671,424 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.06 18:26:01 | 000,632,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.06 18:26:01 | 000,144,592 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.06 18:26:01 | 000,118,780 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.06 18:19:43 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 18:19:43 | 000,004,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.06 18:19:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.06 08:35:48 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.06 08:35:48 | 000,061,948 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.06 08:35:48 | 000,000,820 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000006-00000000-00000000-00001102-0000000B-00421102}.rfx
[2012.03.06 07:37:28 | 000,241,664 | ---- | M] () -- C:\Users\TimR\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.06 06:58:47 | 000,298,472 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.05 21:34:46 | 000,001,468 | ---- | M] () -- C:\Users\TimR\.jalview_properties
[2012.03.02 16:59:43 | 000,004,070 | ---- | M] () -- C:\Users\TimR\Desktop\141] 2012 PhDnet General Survey.eml
[2012.03.01 08:56:29 | 000,029,124 | ---- | M] () -- C:\Users\TimR\Documents\Logs.zip
[2012.03.01 04:27:54 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\TimR\Desktop\OTL.exe
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.06 06:58:38 | 000,298,472 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.02 16:59:42 | 000,004,070 | ---- | C] () -- C:\Users\TimR\Desktop\141] 2012 PhDnet General Survey.eml
[2012.03.01 16:15:08 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.01 05:21:26 | 000,029,124 | ---- | C] () -- C:\Users\TimR\Documents\Logs.zip
[2012.02.17 15:24:06 | 000,001,468 | ---- | C] () -- C:\Users\TimR\.jalview_properties
[2011.12.05 11:23:16 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.10.25 21:21:48 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.10 17:51:06 | 000,000,680 | ---- | C] () -- C:\Users\TimR\AppData\Local\d3d9caps.dat
[2011.03.10 15:24:13 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.03.10 15:24:13 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.03.10 15:24:13 | 000,013,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.03.10 15:23:40 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.03.08 13:41:06 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.03.08 13:41:04 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.03.08 13:41:04 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.03.08 13:41:04 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.03.08 13:41:04 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.12.10 00:19:41 | 000,164,864 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.12.10 00:19:41 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.11.12 09:12:38 | 000,000,118 | ---- | C] () -- C:\Windows\Podcasts.INI
[2010.09.03 17:19:13 | 001,539,214 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.07 21:23:10 | 000,017,868 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.07.07 20:36:44 | 000,014,336 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.07.07 20:33:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010.07.07 20:21:00 | 000,384,647 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.07.07 20:21:00 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.07.07 20:10:30 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.07.07 20:10:22 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.05.23 22:25:12 | 000,201,122 | ---- | C] () -- C:\Windows\SysWow64\Cavort10.dll
[2010.05.23 22:25:12 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\Unlha.dll
[2010.05.23 22:25:12 | 000,066,113 | ---- | C] () -- C:\Windows\SysWow64\Cavordd.dll
[2010.05.23 22:25:12 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\Cavosysc.dll
[2010.05.23 22:25:07 | 000,000,098 | ---- | C] () -- C:\Windows\twland.ini
 
========== LOP Check ==========
 
[2010.04.02 14:37:13 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Academic Software Zurich
[2010.05.30 15:05:35 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Amazon
[2012.02.25 22:26:51 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Audacity
[2009.09.25 19:01:28 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Auslogics
[2009.11.10 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DonationCoder
[2012.02.26 13:44:24 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Dropbox
[2012.01.27 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DVDVideoSoft
[2012.01.21 09:16:29 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.09 16:05:53 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\EAC
[2010.11.13 22:21:04 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\FreeHideIP
[2010.11.16 17:15:24 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\GetRightToGo
[2011.07.19 17:48:27 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\inkscape
[2010.09.20 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\IrfanView
[2009.09.25 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Leadertech
[2011.06.23 23:21:54 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MEGA5_5110426
[2011.04.09 16:53:08 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MP3Find
[2011.04.16 09:24:58 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MPEG Streamclip
[2010.09.03 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Nokia
[2012.03.01 22:51:56 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Notepad++
[2011.01.30 13:15:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\OfficeRecovery
[2010.03.06 02:15:53 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\OpenDNS Updater
[2011.04.11 07:39:33 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Opera
[2012.02.17 07:49:58 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Origin
[2010.06.08 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\PC Suite
[2011.04.19 19:37:13 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Samsung
[2009.11.18 17:39:38 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\ScanSoft
[2009.11.08 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\StreamTorrent
[2011.12.12 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Temp
[2010.09.17 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Tracker Software
[2012.03.01 22:24:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Trillian
[2012.01.23 13:12:21 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Wizards of the Coast
[2011.07.07 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Xi
[2012.03.06 08:35:40 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.04.02 14:37:13 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Academic Software Zurich
[2010.07.17 11:30:57 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Adobe
[2010.05.30 15:05:35 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Amazon
[2012.01.14 22:44:50 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\ATI
[2012.02.25 22:26:51 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Audacity
[2009.09.25 19:01:28 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Auslogics
[2010.11.08 08:53:51 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Avira
[2009.09.25 23:51:59 | 000,000,000 | R--D | M] -- C:\Users\TimR\AppData\Roaming\Brother
[2010.06.11 09:30:32 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DivX
[2009.11.10 21:00:31 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DonationCoder
[2012.02.26 13:44:24 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Dropbox
[2012.01.27 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DVDVideoSoft
[2012.01.21 09:16:29 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.09 16:05:53 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\EAC
[2010.11.13 22:21:04 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\FreeHideIP
[2010.11.16 17:15:24 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\GetRightToGo
[2009.09.25 18:11:45 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Identities
[2011.07.19 17:48:27 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\inkscape
[2009.09.25 20:38:15 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\InstallShield
[2010.09.20 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\IrfanView
[2009.09.25 21:19:42 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Leadertech
[2012.02.17 15:13:54 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Logishrd
[2012.02.17 15:17:53 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Logitech
[2009.09.25 19:07:04 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Macromedia
[2010.05.24 20:42:43 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Malwarebytes
[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Media Center Programs
[2011.06.23 23:21:54 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MEGA5_5110426
[2009.04.11 08:10:17 | 000,000,000 | --SD | M] -- C:\Users\TimR\AppData\Roaming\Microsoft
[2011.03.02 16:10:18 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Mozilla
[2011.04.09 16:53:08 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MP3Find
[2011.04.16 09:24:58 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\MPEG Streamclip
[2010.09.03 17:19:40 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Nokia
[2012.03.01 22:51:56 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Notepad++
[2011.01.30 13:15:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\OfficeRecovery
[2010.03.06 02:15:53 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\OpenDNS Updater
[2011.04.11 07:39:33 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Opera
[2012.02.17 07:49:58 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Origin
[2010.06.08 18:33:23 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\PC Suite
[2011.04.19 19:37:13 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Samsung
[2009.11.18 17:39:38 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\ScanSoft
[2009.09.28 18:58:53 | 000,000,000 | RH-D | M] -- C:\Users\TimR\AppData\Roaming\SecuROM
[2012.03.01 16:25:32 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Skype
[2009.11.08 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\StreamTorrent
[2010.10.04 21:25:57 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Sun
[2012.03.01 04:45:18 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.12 21:36:21 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Temp
[2010.09.17 19:57:19 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Tracker Software
[2012.03.01 22:24:01 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Trillian
[2012.03.06 07:40:52 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\vlc
[2012.03.06 00:12:55 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Winamp
[2009.09.25 19:30:20 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\WinRAR
[2012.01.23 13:12:21 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Wizards of the Coast
[2011.07.07 15:11:18 | 000,000,000 | ---D | M] -- C:\Users\TimR\AppData\Roaming\Xi
 
< %APPDATA%\*.exe /s >
[2012.02.15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\TimR\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 00:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\TimR\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.03.01 16:17:12 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\TimR\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.02.17 15:17:45 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\TimR\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.12.04 16:37:20 | 000,088,102 | R--- | M] () -- C:\Users\TimR\AppData\Roaming\Microsoft\Installer\{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}\ARPPRODUCTICON.exe
[2011.12.08 02:33:24 | 000,935,824 | ---- | M] (Samsung) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe
[2011.12.08 02:33:28 | 000,278,928 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe
[2011.11.29 08:44:38 | 000,292,864 | ---- | M] (Samsung) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe
[2011.12.08 02:33:26 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe
[2011.11.29 08:40:26 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ConnectionManager.exe
[2011.11.29 08:40:26 | 000,284,672 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe
[2011.12.06 08:35:14 | 000,691,712 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe
[2011.11.29 08:40:26 | 000,110,080 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\ErrorReport.exe
[2011.12.08 02:33:30 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe
[2011.12.06 08:35:10 | 000,106,408 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe
[2011.12.06 08:35:10 | 000,101,288 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe
[2011.12.08 02:33:34 | 000,131,984 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2011.12.08 02:33:34 | 000,021,392 | ---- | M] () -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe
[2011.12.08 02:33:36 | 003,569,984 | ---- | M] (Freeware) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe
[2011.11.29 08:37:46 | 024,114,392 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2011.12.08 02:33:38 | 000,392,080 | ---- | M] (ml) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.01.04 07:07:42 | 000,371,088 | ---- | M] (ml) -- C:\Users\TimR\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
[2011.04.22 17:02:19 | 000,614,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Users\TimR\AppData\Roaming\Tracker Software\LiveUpdate\Updates\LiveUpdate.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys
[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll
[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll
[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll
[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys
[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll
[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll
[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll
[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll
[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll
[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.13 16:46:13 | 010,627,072 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1199 bytes -> C:\Users\TimR\Desktop\141] 2012 PhDnet General Survey.eml:OECustomProperty

< End of report >
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 22:12 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131