| elChupacabra | 12.04.2011 10:12 |
Google redirect / Sicherheitscenter nicht aktivierbar
Moin ans Forum
Ich habe seit einigen Tagen das anscheinend öfter auftretende und nicht mit normalen Virenscannern zu lösende Problem mit den Google-Redirects.
Bei einer Googlesuche werde ich die ersten beiden Male wenn ich ein Suchergebnis anklicke immer über www.goingonearth.com auf eine scheinbar zufällige Seite weitergeleitet. Nachfolgende klicks führen dann auf die gewünschte Seite und nach einer gewissen Zeit/Klicks(?) geht das Spiel mit den Redirects wieder los. Zusätzlich lässt sich der Windows-Sicherheitscenterdienst nicht mehr starten mit der schlichten Fehlermeldung "Der Windows Sicherheitscenterdienst kann nicht gestartet werden".
Ich hoffe ihr könnt mir helfen, und sage schon mal Danke im Voraus für die Mühe!
Ich habe bereits AVIRA AntiVir laufen lassen, der folgende zwei Dateien gefunden hat: (ich kann mich allerdings nicht erinnern, diese Dateien irgendwann ausgeführt zu haben) Code:
Durchsuche Prozess 'Sxc.exe' - '1' Modul(e) wurden durchsucht
Modul ist infiziert -> <C:\Users\***\AppData\Local\Temp\Sxc.exe>
[FUND] Ist das Trojanische Pferd TR/Dldr.Renos.PG.47
[HINWEIS] Prozess 'Sxc.exe' wurde beendet
[HINWEIS] Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Q7NZMT7RLB> wurde erfolgreich entfernt.
[HINWEIS] Die Datei wurde gelöscht.
[...]
Beginne mit der Suche in 'C:\Users\***\AppData\Local\Temp\Sxc.exe'
Der zu durchsuchende Pfad C:\Users\***\AppData\Local\Temp\Sxc.exe konnte nicht geöffnet werden!
Systemfehler [2]: Das System kann die angegebene Datei nicht finden.
Beginne mit der Suche in 'C:\Users\***\AppData\Local\Temp\Sxb.exe'
C:\Users\***\AppData\Local\Temp\Sxb.exe
[FUND] Ist das Trojanische Pferd TR/Dldr.Renos.PG.48
Beginne mit der Desinfektion:
C:\Users\***\AppData\Local\Temp\Sxb.exe
[FUND] Ist das Trojanische Pferd TR/Dldr.Renos.PG.48
[HINWEIS] Die Datei wurde gelöscht.
Malwarebytes' hat beim ersten Durchlauf auch etwas gefunden: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6308
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
08.04.2011 10:09:50
mbam-log-2011-04-08 (10-09-50).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 160966
Laufzeit: 2 Minute(n), 6 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\K8CE6CA1JO (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Q7NZMT7RLB (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
Dann hat Spybot Search & Destroy noch folgendes gefunden: Code:
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Einstellungen (Registrierungsdatenbank-Änderung, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Einstellungen (Registrierungsdatenbank-Änderung, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start
Nach einem Neustart war der Sicherheitscenterdienst wieder eine Weile aktiv, wird aber nach einiger Zeit immer wieder deaktiviert.
Und hier ist die Ausgabe von OTL.txt:OTL Logfile: Code:
OTL logfile created on: 12.04.2011 09:44:31 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 440,17 Gb Free Space | 94,53% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,67 Mb Free Space | 71,67% Space Free | Partition Type: NTFS
Drive F: | 232,79 Gb Total Space | 148,02 Gb Free Space | 63,59% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files (x86)\Vercue\Vercue.exe (SharpRegion)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Zend\ZendServer\bin\ZendSessionManager.exe (Zend Technologies Ltd.)
PRC - C:\Program Files (x86)\Zend\ZendServer\bin\zendcontroller.exe ()
PRC - C:\Program Files (x86)\Zend\ZendServer\bin\php-cgi.exe (The PHP Group)
PRC - C:\Program Files (x86)\Zend\ZendServer\bin\jqd.exe (Zend Technologies Ltd.)
PRC - C:\Program Files (x86)\Zend\ZendServer\bin\MonitorNode.exe (Zend Technologies Ltd.)
PRC - C:\Program Files (x86)\Zend\Apache2\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\Zend\Apache2\bin\ApacheMonitor.exe (Apache Software Foundation)
PRC - C:\Program Files (x86)\IDM Computer Solutions\UEStudio\UEStudio.exe (IDM Computer Solutions, Inc.)
PRC - C:\Program Files (x86)\AGFEO\Tk-Suite\tools\ctimon.exe (AGFEO )
========== Modules (SafeList) ==========
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ZendSessionClustering) -- C:\Program Files (x86)\Zend\ZendServer\bin\ZendSessionManager.exe (Zend Technologies Ltd.)
SRV - (ZendJobQueue) -- C:\Program Files (x86)\Zend\ZendServer\bin\jqd.exe (Zend Technologies Ltd.)
SRV - (ZendMonitor) -- C:\Program Files (x86)\Zend\ZendServer\bin\MonitorNode.exe (Zend Technologies Ltd.)
SRV - (Apache2.2-Zend) -- C:\Program Files (x86)\Zend\Apache2\bin\httpd.exe (Apache Software Foundation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-162417844-2277982324-1288025200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-162417844-2277982324-1288025200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-162417844-2277982324-1288025200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A7 4A C8 B4 BD F2 CB 01 [binary data]
IE - HKU\S-1-5-21-162417844-2277982324-1288025200-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.6.2
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.6.1
FF - prefs.js..extensions.enabledItems: {3c9761ad-a43d-4447-b924-f5d83cb48063}:2.3
FF - prefs.js..extensions.enabledItems: info@elime.be:1.5
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - HKLM\software\mozilla\Firefox\Extensions\\{3c9761ad-a43d-4447-b924-f5d83cb48063}: C:\Program Files (x86)\Zend\Zend Studio - 8.0.0\toolbars\firefox [2011.03.16 17:58:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.28 16:19:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.28 16:19:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.28 16:19:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
[2011.03.14 14:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.03.14 14:11:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.04.01 10:42:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kpw85brv.default\extensions
[2011.03.14 15:38:36 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kpw85brv.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.03.25 10:01:36 | 000,000,000 | ---D | M] ("easy Xdebug") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\kpw85brv.default\extensions\info@elime.be
[2011.03.25 10:39:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.03.23 15:57:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.25 10:08:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPW85BRV.DEFAULT\EXTENSIONS\{6D1D11DB-3C6C-4DB8-96E4-20F4A1088AAC}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPW85BRV.DEFAULT\EXTENSIONS\{8F8FE09B-0BD3-4470-BC1B-8CAD42B8203A}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPW85BRV.DEFAULT\EXTENSIONS\{9EFE12FC-8E7B-41DC-917E-B9341DAA31E0}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPW85BRV.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPW85BRV.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KPW85BRV.DEFAULT\EXTENSIONS\FIREGESTURES@XULDEV.ORG.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.04.07 17:20:10 | 000,000,759 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O3 - HKLM\..\Toolbar: (Zend Studio) - {95188727-288F-4581-A48D-EAB3BD027314} - C:\PROGRA~2\Zend\ZENDST~1.0\toolbars\ZENDIE~1.DLL (Zend Technologies Ltd)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-162417844-2277982324-1288025200-1000..\Run: [Vercue] C:\Program Files (x86)\Vercue\Vercue.exe (SharpRegion)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\PROGRA~2\Zend\ZENDST~1.0\toolbars\ZENDIE~1.DLL (Zend Technologies Ltd)
O9 - Extra 'Tools' menuitem : Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.2 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011.04.11 14:49:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.04.11 14:19:12 | 037,943,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2011.04.11 09:36:05 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.04.11 09:36:05 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.04.11 09:36:00 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.04.11 09:28:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.04.11 09:28:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.04.11 09:28:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.04.11 09:28:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Sunbelt Software
[2011.04.11 09:27:34 | 000,000,000 | -H-D | C] -- C:\ProgramData\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
[2011.04.11 09:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.04.11 09:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011.04.11 09:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2011.04.11 09:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011.04.08 12:17:19 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MCEdit-schematics
[2011.04.08 12:17:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\MCEdit-64bit
[2011.04.08 10:07:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.04.08 10:06:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.04.08 10:06:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.08 10:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.08 10:06:18 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.04.08 10:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.04.07 15:19:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.04.07 15:04:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011.04.06 10:31:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\AGFEO
[2011.04.06 10:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGFEO TK-Suite
[2011.04.06 10:27:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGFEO
[2011.04.01 14:35:56 | 000,000,000 | ---D | C] -- C:\opt
[2011.04.01 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\***\ssh
[2011.04.01 13:50:51 | 000,000,000 | ---D | C] -- C:\Users\***\.eclipse
[2011.04.01 13:28:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Eclipse
[2011.04.01 13:28:02 | 000,000,000 | ---D | C] -- C:\Users\***\workspace
[2011.04.01 13:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eclipse
[2011.03.31 16:15:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TortoiseSVN
[2011.03.31 09:02:55 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.31 09:02:54 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.31 09:02:54 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.31 09:02:54 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.28 16:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.03.28 16:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.03.28 16:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.03.28 16:18:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.03.28 16:18:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2011.03.28 16:18:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.03.28 16:18:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.03.25 10:09:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.03.25 10:08:56 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.03.25 10:08:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.03.25 10:08:56 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.03.23 15:59:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.03.23 15:58:34 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011.03.23 15:58:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2011.03.23 15:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.03.23 15:57:29 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.03.23 15:57:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.03.17 14:37:25 | 000,000,000 | ---D | C] -- C:\Users\***\.local
[2011.03.17 14:37:15 | 000,000,000 | ---D | C] -- C:\Users\***\.config
[2011.03.17 14:31:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KDE 4.5.4 Release
[2011.03.17 14:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KDE
[2011.03.17 14:20:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Trolltech
[2011.03.17 14:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphviz 2.26.3
[2011.03.17 14:12:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Graphviz2.26.3
[2011.03.17 13:40:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.kde
[2011.03.17 11:44:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cygwin
[2011.03.17 11:37:31 | 000,000,000 | ---D | C] -- C:\cygwin
[2011.03.17 11:31:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\KDE
[2011.03.16 18:00:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Zend Studio
[2011.03.16 18:00:09 | 000,000,000 | ---D | C] -- C:\Users\***\.ZendStudio
[2011.03.16 17:59:45 | 000,000,000 | ---D | C] -- C:\Users\***\Zend
[2011.03.16 17:59:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zend Studio
[2011.03.16 17:44:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2011.03.16 17:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zend Server
[2011.03.16 17:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zend
[2011.03.16 17:42:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Zend
[2011.03.16 17:42:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2011.03.16 10:04:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011.03.15 18:40:35 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011.03.15 18:40:35 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011.03.15 18:40:35 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011.03.15 18:40:35 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011.03.15 18:40:35 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011.03.15 18:40:35 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011.03.15 18:40:35 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011.03.15 18:40:35 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011.03.15 18:40:17 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2011.03.15 10:14:08 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2011.03.15 10:14:07 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2011.03.15 10:14:06 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2011.03.15 10:14:05 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2011.03.15 10:13:50 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.03.15 10:13:50 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011.03.15 10:13:49 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011.03.15 10:13:49 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011.03.15 10:13:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011.03.15 10:13:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011.03.15 10:13:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.03.15 10:13:49 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.03.15 10:13:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011.03.15 10:13:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011.03.15 10:13:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011.03.15 10:13:49 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011.03.15 10:13:22 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.15 10:13:22 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.15 10:13:21 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.15 10:13:21 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.15 10:13:21 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.15 10:13:21 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.15 10:13:21 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.15 10:13:21 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.15 10:13:15 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2011.03.15 10:13:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2011.03.15 10:13:13 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2011.03.15 10:13:12 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011.03.15 10:13:11 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011.03.15 10:13:11 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011.03.15 10:13:11 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011.03.15 10:13:11 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2011.03.15 10:13:11 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011.03.15 10:13:11 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2011.03.15 10:13:11 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2011.03.15 10:13:10 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2011.03.15 10:13:07 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2011.03.15 10:13:07 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2011.03.15 10:13:01 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2011.03.15 10:13:01 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2011.03.15 10:13:01 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2011.03.15 10:13:01 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2011.03.15 10:13:01 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2011.03.15 10:13:01 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2011.03.15 10:13:01 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2011.03.15 10:13:01 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2011.03.15 10:13:01 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2011.03.15 10:13:00 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2011.03.15 10:13:00 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2011.03.15 10:13:00 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2011.03.15 10:13:00 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2011.03.15 10:13:00 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2011.03.15 10:13:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2011.03.15 10:13:00 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2011.03.15 10:12:36 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011.03.15 10:12:35 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.03.15 10:12:35 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2011.03.15 10:12:35 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.03.15 10:12:35 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011.03.15 10:12:10 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2011.03.15 10:12:09 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2011.03.15 10:12:08 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2011.03.15 10:12:08 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2011.03.15 10:12:07 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2011.03.15 10:12:07 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2011.03.15 10:12:00 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011.03.15 10:12:00 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011.03.15 10:11:59 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.03.15 10:11:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.03.15 10:11:59 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011.03.15 10:11:59 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011.03.15 10:11:59 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011.03.15 10:11:59 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011.03.15 10:11:59 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011.03.15 10:11:59 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011.03.15 10:11:54 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.03.15 10:11:54 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.03.15 10:11:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.03.15 10:11:54 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.03.15 10:11:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.03.15 10:11:54 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.03.15 10:11:53 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.03.15 10:11:52 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011.03.15 10:11:52 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011.03.15 10:11:52 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011.03.15 10:11:51 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011.03.15 10:11:48 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.03.15 10:11:46 | 001,837,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll
[2011.03.15 10:11:46 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10warp.dll
[2011.03.15 10:11:45 | 004,068,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mf.dll
[2011.03.15 10:11:45 | 003,181,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mf.dll
[2011.03.15 10:11:45 | 001,888,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2011.03.15 10:11:44 | 001,863,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2011.03.15 10:11:44 | 001,619,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2011.03.15 10:11:44 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll
[2011.03.15 10:11:44 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1core.dll
[2011.03.15 10:11:43 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2011.03.15 10:11:43 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.03.15 10:11:43 | 000,257,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfreadwrite.dll
[2011.03.15 10:11:43 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2011.03.15 10:11:43 | 000,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfps.dll
[2011.03.15 10:11:43 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfreadwrite.dll
[2011.03.15 10:11:43 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.03.15 10:11:43 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2011.03.15 10:11:42 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll
[2011.03.15 10:11:42 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d10_1.dll
[2011.03.15 10:11:31 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011.03.15 10:11:31 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011.03.15 10:11:30 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2011.03.15 10:11:28 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.03.15 10:11:28 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.03.15 10:11:28 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011.03.15 10:11:16 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2011.03.15 10:11:16 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2011.03.15 10:11:15 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2011.03.15 10:11:15 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2011.03.15 10:11:14 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2011.03.15 10:11:14 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2011.03.15 10:11:07 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.03.15 10:11:07 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.03.15 10:11:07 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011.03.15 10:11:06 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.03.15 10:10:58 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011.03.15 10:10:58 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011.03.15 10:10:58 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2011.03.15 10:10:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2011.03.15 10:10:58 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011.03.15 10:10:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011.03.15 10:10:54 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011.03.15 10:10:51 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2011.03.15 10:10:45 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2011.03.15 10:10:45 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2011.03.15 10:10:41 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2011.03.15 10:10:40 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.15 10:10:40 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.15 10:10:40 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.15 10:10:39 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.15 10:10:39 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011.03.15 10:10:33 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011.03.15 10:10:33 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011.03.15 10:10:29 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2011.03.15 10:07:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2011.03.15 10:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.03.15 10:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.03.15 10:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.03.15 09:57:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TSVNCache
[2011.03.14 16:13:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Vercue
[2011.03.14 16:12:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vercue
[2011.03.14 16:12:36 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vercue
[2011.03.14 16:12:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vercue
[2011.03.14 16:03:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Subversion
[2011.03.14 16:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TortoiseSVN
[2011.03.14 16:03:18 | 000,000,000 | ---D | C] -- C:\Programme\TortoiseSVN
[2011.03.14 16:03:18 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\TortoiseOverlays
[2011.03.14 15:59:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.03.14 15:58:58 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.03.14 15:58:58 | 000,083,120 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.03.14 15:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.03.14 15:58:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.03.14 15:55:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.03.14 15:55:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2011.03.14 15:55:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2011.03.14 15:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
[2011.03.14 15:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla FTP Client
[2011.03.14 15:48:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.03.14 14:47:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\IDMComp
[2011.03.14 14:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UEStudio
[2011.03.14 14:47:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IDM Computer Solutions
[2011.03.14 14:46:37 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.03.14 14:44:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2011.03.14 14:44:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.03.14 14:44:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.03.14 14:44:48 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2011.03.14 14:42:57 | 000,000,000 | ---D | C] -- C:\Temp
[2011.03.14 14:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\putty
[2011.03.14 14:11:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.03.14 14:11:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird
[2011.03.14 14:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird
[2011.03.14 14:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.03.14 14:08:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.03.14 14:08:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2011.03.14 14:08:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.03.14 13:57:58 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2011.03.14 13:57:58 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2011.03.14 13:57:58 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2011.03.14 13:57:58 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2011.03.14 13:52:49 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.03.14 13:52:48 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.03.14 13:52:48 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2011.03.14 13:52:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2011.03.14 13:52:40 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2011.03.14 13:52:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2011.03.14 13:52:33 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2011.03.14 13:52:33 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2011.03.14 13:52:33 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2011.03.14 13:52:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2011.03.14 13:52:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2011.03.14 13:52:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2011.03.14 13:52:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.03.14 13:51:47 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.03.14 13:48:25 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.03.14 13:46:00 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2011.03.14 13:45:45 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.03.14 13:45:01 | 000,000,000 | ---D | C] -- C:\Windows\Panther
========== Files - Modified Within 30 Days ==========
[2011.04.12 09:06:41 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.12 09:06:41 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.12 09:03:59 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.04.12 09:03:59 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.04.12 09:03:59 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.04.12 09:03:59 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.04.12 09:03:59 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.04.12 08:59:21 | 000,000,314 | -HS- | M] () -- C:\Windows\tasks\CYXM.job
[2011.04.12 08:59:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.12 08:59:09 | 3220,504,576 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.11 17:31:54 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.04.11 09:35:59 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011.04.11 09:27:34 | 000,001,150 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.11 09:14:30 | 000,019,528 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.04.08 12:17:26 | 000,001,532 | ---- | M] () -- C:\Users\***\Documents\mcedit.ini
[2011.04.07 14:59:14 | 000,150,016 | RHS- | M] () -- C:\Windows\SysWow64\acppage0.dll
[2011.04.06 10:27:11 | 000,001,271 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk
[2011.04.01 09:22:02 | 000,069,376 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2011.03.28 16:19:18 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.03.25 10:39:12 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.24 09:56:49 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.03.23 16:00:01 | 000,001,235 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011.03.23 15:58:34 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.03.16 18:00:12 | 000,000,005 | -H-- | M] () -- C:\Users\***\.zs
[2011.03.16 17:59:11 | 000,001,965 | ---- | M] () -- C:\Users\Public\Desktop\Zend Studio - 8.0.0.lnk
[2011.03.16 17:45:39 | 000,002,054 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Apache Web Server Monitor.lnk
[2011.03.16 17:43:57 | 000,000,874 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zend Controller.lnk
[2011.03.14 15:49:14 | 000,002,000 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.03.14 14:11:18 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.03.14 13:49:01 | 000,057,050 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.03.14 13:49:01 | 000,057,050 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.03.14 13:47:27 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.03.14 13:47:27 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
========== Files Created - No Company Name ==========
[2011.04.11 09:27:34 | 000,001,150 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.04.11 09:14:30 | 000,019,528 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro35.sys
[2011.04.08 12:17:26 | 000,001,532 | ---- | C] () -- C:\Users\***\Documents\mcedit.ini
[2011.04.07 14:59:14 | 000,150,016 | RHS- | C] () -- C:\Windows\SysWow64\acppage0.dll
[2011.04.07 14:59:14 | 000,000,314 | -HS- | C] () -- C:\Windows\tasks\CYXM.job
[2011.04.06 10:27:11 | 000,001,271 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TK-Suite Client.lnk
[2011.03.28 16:19:18 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011.03.28 16:18:11 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.03.25 10:39:12 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.03.23 16:00:01 | 000,001,235 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011.03.23 15:58:34 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011.03.17 17:01:20 | 000,018,576 | ---- | C] () -- C:\Users\***\Desktop\aend-all-pw.zip
[2011.03.16 18:00:12 | 000,000,005 | -H-- | C] () -- C:\Users\***\.zs
[2011.03.16 17:59:11 | 000,001,965 | ---- | C] () -- C:\Users\Public\Desktop\Zend Studio - 8.0.0.lnk
[2011.03.16 17:45:39 | 000,002,054 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Apache Web Server Monitor.lnk
[2011.03.16 17:43:57 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zend Controller.lnk
[2011.03.15 10:05:12 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.03.14 18:37:56 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.03.14 15:48:42 | 000,002,000 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2011.03.14 14:11:18 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2011.03.14 14:08:28 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.03.14 13:52:54 | 000,001,405 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.03.14 13:52:50 | 000,001,439 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.03.14 13:48:49 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.03.14 13:48:42 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.03.14 13:47:27 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2011.03.14 13:47:27 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.03.14 13:45:45 | 3220,504,576 | -HS- | C] () -- C:\hiberfil.sys
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
========== LOP Check ==========
[2011.03.17 13:40:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.kde
[2011.04.11 13:55:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.minecraft
[2011.04.06 10:31:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AGFEO
[2011.04.11 17:29:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FileZilla
[2011.03.17 13:33:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\KDE
[2011.03.23 15:59:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2011.03.14 16:03:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Subversion
[2011.03.14 14:35:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.04.12 08:59:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vercue
[2011.04.12 08:59:21 | 000,000,314 | -HS- | M] () -- C:\Windows\Tasks\CYXM.job
[2009.07.14 07:08:49 | 000,008,190 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
< MD5 for: LSASS.EXE >
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\SysNative\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_023f7c69767c3edd\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_023e7e05767d22ad\lsass.exe
[2009.07.14 03:39:16 | 000,031,232 | ---- | M] (Microsoft Corporation) MD5=0793F40B9B8A1BDD266296409DBD91EA -- C:\Windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_02bd4ae48fa2de68\lsass.exe
< MD5 for: SVCHOST.EXE >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\SysWOW64\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\SysNative\svchost.exe
[2009.07.14 03:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) MD5=C78655BC80301D76ED4FEF1C1EA40A7D -- C:\Windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*.exe /s >
< %APPDATA%\Adobe\Update\*.* >
< %APPDATA%\Update\*.* >
< %APPDATA%\Microsoft\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %SYSTEMDRIVE%\*.* >
[2011.04.12 08:59:09 | 3220,504,576 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.12 08:59:14 | 4294,008,832 | -HS- | M] () -- C:\pagefile.sys
[2011.04.11 14:13:45 | 000,061,706 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_11.04.2011_14.13.19_log.txt
< %PROGRAMFILES%\*.* >
[2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
< %PROGRAMFILES%\Internet Explorer\*.* >
[2009.07.14 03:14:20 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ExtExport.exe
[2009.07.14 03:15:24 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\hmmapi.dll
[2009.06.10 23:17:22 | 000,002,649 | ---- | M] () -- C:\Program Files (x86)\Internet Explorer\ie8props.propdesc
[2010.10.19 10:10:26 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iecompat.dll
[2010.12.18 07:29:13 | 000,860,160 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
[2009.07.14 03:14:21 | 000,257,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
[2009.07.14 03:14:21 | 000,115,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ielowutil.exe
[2010.12.18 07:29:18 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
[2009.07.14 03:15:28 | 000,200,704 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\IEShims.dll
[2010.12.18 07:33:54 | 000,673,040 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2009.07.14 03:15:35 | 000,524,288 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll
[2009.07.14 03:15:35 | 000,122,880 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
[2009.07.14 03:15:35 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\JSProfilerCore.dll
[2009.07.14 03:15:35 | 000,352,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\jsprofilerui.dll
[2009.06.10 23:14:14 | 000,265,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\msdbg2.dll
[2009.06.10 23:14:15 | 000,355,832 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\pdm.dll
[2009.07.14 03:16:15 | 000,189,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
< %systemroot%\*. /mp /s >
< %systemroot%\*.exe /90 >
< %systemroot%\system32\*.dll /lockedfiles >
[2011.04.07 14:59:14 | 000,150,016 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\acppage0.dll
< %systemroot%\system32\*.dll /90 >
[2011.04.07 14:59:14 | 000,150,016 | RHS- | M] () -- C:\Windows\SysWOW64\acppage0.dll
[2011.02.19 07:32:35 | 000,739,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\d2d1.dll
[2011.02.02 22:40:23 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\deployJava1.dll
[2011.02.19 07:32:48 | 001,074,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\DWrite.dll
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\system32\drivers\*.sys /90 >
< %systemroot%\system32\*.exe /90 >
[2011.02.02 22:40:36 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\java.exe
[2011.02.02 22:40:38 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\javaw.exe
[2011.02.02 22:40:39 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWOW64\javaws.exe
[2011.03.02 19:56:50 | 037,943,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\MRT.exe
< %systemroot%\system32\config\*.sav >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\Tasks\*.job /lockedfiles >
[2011.04.12 08:59:21 | 000,000,314 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\CYXM.job
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
--- --- ---
und von Extras.txt:OTL Logfile: Code:
OTL Extras logfile created on: 12.04.2011 09:44:32 - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\***\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 440,17 Gb Free Space | 94,53% Space Free | Partition Type: NTFS
Drive E: | 100,00 Mb Total Space | 71,67 Mb Free Space | 71,67% Space Free | Partition Type: NTFS
Drive F: | 232,79 Gb Total Space | 148,02 Gb Free Space | 63,59% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{936596DB-39C5-49D7-AD0C-9BB1BE1AF72C}" = TortoiseSVN 1.6.13.20954 (64 bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F8C52F6-FE88-4276-B514-1AA8ABD1CA41}" = UEStudio '10.20
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{83E13C2A-65FC-4816-B805-F570D0EE0A85}" = Zend Server
"{A106D3BA-CF1F-4E13-8161-4ACA153E2F96}" = Graphviz
"{A73D4BEE-2BBE-4285-BF6C-4B8C7C002100}" = Zend Studio 8.0.0
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"ESET Online Scanner" = ESET Online Scanner v3
"FileZilla Client" = FileZilla Client 3.3.5.1
"InstallShield_{83E13C2A-65FC-4816-B805-F570D0EE0A85}" = Zend Server
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"tksuite_tksuite_client" = AGFEO TK-Suite Client
"Vercue" = Vercue
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11.04.2011 08:16:12 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fsbl.exe, Version: 2.2.1092.0, Zeitstempel:
0x48a543e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cfc22 ID des fehlerhaften Prozesses:
0xbac Startzeit der fehlerhaften Anwendung: 0x01cbf8423b82c334 Pfad der fehlerhaften
Anwendung: C:\Users\***\Downloads\fsbl.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
7cd33a39-6435-11e0-9038-00252282d84a
Error - 11.04.2011 08:17:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fsbl.exe, Version: 2.2.1092.0, Zeitstempel:
0x48a543e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cfc22 ID des fehlerhaften Prozesses:
0x518 Startzeit der fehlerhaften Anwendung: 0x01cbf84271fd5af6 Pfad der fehlerhaften
Anwendung: C:\Users\***\Downloads\fsbl.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
b3fbdda5-6435-11e0-9038-00252282d84a
Error - 11.04.2011 08:18:10 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: fsbl.exe, Version: 2.2.1092.0, Zeitstempel:
0x48a543e2 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000cfc22 ID des fehlerhaften Prozesses:
0xa14 Startzeit der fehlerhaften Anwendung: 0x01cbf8427a7cecc3 Pfad der fehlerhaften
Anwendung: C:\Users\***\Downloads\fsbl.exe Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
c38548a3-6435-11e0-9038-00252282d84a
Error - 11.04.2011 08:21:51 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Temp\formular.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 11.04.2011 08:49:46 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 11.04.2011 08:49:50 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 11.04.2011 08:49:53 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\***\Downloads\esetsmartinstaller_enu.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 11.04.2011 09:20:14 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Temp\formular.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 11.04.2011 11:08:48 | Computer Name = ***-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Temp\formular.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error - 12.04.2011 02:59:22 | Computer Name = ***-PC | Source = Apache Service | ID = 3299
Description = The Apache service named reported the following error: >>> httpd.exe:
Could not reliably determine the server's fully qualified domain name, using 127.0.0.1
for ServerName .
[ System Events ]
Error - 11.04.2011 04:29:28 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 11.04.2011 04:29:29 | Computer Name = ***-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 11.04.2011 04:29:29 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 11.04.2011 04:29:34 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
Error - 12.04.2011 02:59:08 | Computer Name = ***-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 12.04.2011 02:59:17 | Computer Name = ***-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 12.04.2011 02:59:17 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 12.04.2011 02:59:18 | Computer Name = ***-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 12.04.2011 02:59:18 | Computer Name = ***-PC | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 12.04.2011 02:59:22 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "Sicherheitscenter"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058
< End of report >
--- --- --- |
