Trojaner-Board


buenavista62 21.07.2010 13:34

Program "sdfsdf" (lsass.exe) appears on shutdown
 
Hello everyone,

Whenever I try to shut down the PC, a small window always appears with the number "2" and the title "sdfsdf". I found out that it comes from lsass.exe.

I know roughly what lsass.exe is. So first I checked whether a virus might have crept in. Then I found lsass.exe, as standard, in the windows32 folder and another 3 copies of lsass.exe somewhere deep in the winsxs folder.

It can't be a virus, since I have only had the PC (laptop) for one day and have only downloaded an antivirus program and Windows Live Messenger. My cousin even did a fresh install on the laptop for me.

The problem itself isn't that bad, because I can click Close without anything happening. Windows then shuts down normally. Still, it is a bit annoying. :o

Thanks in advance for your answers.

EDIT: If anyone is annoyed that I haven't run Malware Anti-Bytes and OTL and so on, please don't get me wrong. The PC is brand new and I ran a full system scan with Avira last night.

cosinus 22.07.2010 15:39

Please run a full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

buenavista62 22.07.2010 17:17

Thanks for your answer.

Look at that, infected objects were found. Should I delete the files?
malwarebytes
Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4338

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.07.2010 18:14:03
mbam-log-2010-07-22 (18-14-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 269078
Laufzeit: 42 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
C:\Users\Ates\AppData\Roaming\lsass.exe (Trojan.Delf) -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mswupdate (Trojan.Delf) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Delf) -> Data: c:\users\ates\appdata\roaming\lsass.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe "C:\Users\Ates\AppData\Roaming\lsass.exe") Good: (Explorer.exe) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Ates\AppData\Roaming\lsass.exe (Trojan.Delf) -> No action taken.
The two OTL log files.
OTL Logfile:
Code:

OTL logfile created on: 7/22/2010 6:08:36 PM - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Ates\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.71 Gb Total Space | 183.01 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
Drive D: | 9.37 Gb Total Space | 9.30 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ATES-PC
Current User Name: Ates
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ates\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
PRC - C:\Users\Ates\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Ates\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 F3 E4 CB 75 28 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSWUpdate] C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MSWUpdate] C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.103 194.230.1.39
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\Users\Ates\AppData\Roaming\lsass.exe") - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/22 17:26:17 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Canneverbe Limited
[2010/07/22 17:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010/07/22 17:05:04 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Malwarebytes
[2010/07/22 17:04:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/22 17:04:47 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/22 17:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/22 17:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/22 17:03:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Ates\Desktop\OTL.exe
[2010/07/22 01:09:41 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010/07/21 15:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/07/21 15:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010/07/21 13:06:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/07/21 12:18:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/21 12:16:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/21 10:35:17 | 000,000,000 | ---D | C] -- C:\Users\Ates\Documents\Meine empfangenen Dateien
[2010/07/21 09:53:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/07/21 09:53:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/21 06:09:14 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Avira
[2010/07/21 06:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/07/21 05:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/07/21 05:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/07/21 05:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/07/21 05:28:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010/07/21 05:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/07/21 05:25:34 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Microsoft Help
[2010/07/21 05:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/07/21 05:24:25 | 000,000,000 | ---D | C] -- C:\Users\Ates\Tracing
[2010/07/21 05:22:23 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\WinRAR
[2010/07/21 05:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/07/21 05:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/07/21 05:15:04 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\DAEMON Tools Lite
[2010/07/21 05:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/07/21 05:10:39 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Diagnostics
[2010/07/21 05:08:50 | 000,462,849 | -HS- | C] (YBhiz) -- C:\Users\Ates\AppData\Roaming\lsass.exe
[2010/07/21 05:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/07/21 04:59:44 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\uTorrent
[2010/07/21 04:54:45 | 000,000,000 | ---D | C] -- C:\Users\Ates\Desktop\Sercan
[2010/07/21 04:39:07 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2010/07/21 04:39:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2010/07/21 04:38:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2010/07/21 04:38:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2010/07/21 04:38:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2010/07/21 04:32:56 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
[2010/07/21 04:32:56 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
[2010/07/21 04:32:55 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
[2010/07/21 04:32:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
[2010/07/21 04:32:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
[2010/07/21 04:32:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
[2010/07/21 04:32:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui
[2010/07/21 04:32:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui
[2010/07/21 04:32:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui
[2010/07/21 04:32:43 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui
[2010/07/21 04:32:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui
[2010/07/21 04:32:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui
[2010/07/21 04:32:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui
[2010/07/21 04:32:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui
[2010/07/21 04:32:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui
[2010/07/21 04:32:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui
[2010/07/21 04:32:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui
[2010/07/21 04:32:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui
[2010/07/21 04:32:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui
[2010/07/21 04:32:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui
[2010/07/21 04:32:36 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui
[2010/07/21 04:32:36 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui
[2010/07/21 04:32:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui
[2010/07/21 04:32:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui
[2010/07/21 04:32:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui
[2010/07/21 04:32:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui
[2010/07/21 04:32:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui
[2010/07/21 04:32:33 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui
[2010/07/21 04:32:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui
[2010/07/21 04:32:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui
[2010/07/21 04:32:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui
[2010/07/21 04:32:31 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui
[2010/07/21 04:32:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui
[2010/07/21 04:32:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui
[2010/07/21 04:32:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui
[2010/07/21 04:32:26 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui
[2010/07/21 04:32:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui
[2010/07/21 04:32:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui
[2010/07/21 04:32:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui
[2010/07/21 04:32:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui
[2010/07/21 04:32:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui
[2010/07/21 04:32:14 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui
[2010/07/21 04:32:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui
[2010/07/21 04:32:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui
[2010/07/21 04:32:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui
[2010/07/21 04:32:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui
[2010/07/21 04:32:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui
[2010/07/21 04:31:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui
[2010/07/21 04:31:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui
[2010/07/21 04:31:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui
[2010/07/21 04:31:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui
[2010/07/21 04:31:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui
[2010/07/21 04:31:40 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2010/07/21 04:31:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui
[2010/07/21 04:31:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui
[2010/07/21 04:31:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui
[2010/07/21 04:31:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui
[2010/07/21 04:31:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2010/07/21 04:31:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui
[2010/07/21 04:31:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui
[2010/07/21 04:31:39 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui
[2010/07/21 04:31:39 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui
[2010/07/21 04:31:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui
[2010/07/21 04:31:39 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui
[2010/07/21 04:31:39 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui
[2010/07/21 04:27:40 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/07/21 04:27:40 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/07/21 04:27:40 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/07/21 04:27:40 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/07/21 04:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/07/21 04:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/07/21 04:26:13 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Google
[2010/07/21 04:25:27 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Macromedia
[2010/07/21 04:25:27 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Adobe
[2010/07/21 04:25:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/07/21 04:18:03 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Apps
[2010/07/21 04:18:02 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Deployment
[2010/07/21 04:09:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/07/21 04:09:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/07/21 04:09:30 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/07/21 04:09:29 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/07/21 04:09:29 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/07/21 04:09:29 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/07/21 04:09:29 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/07/21 04:09:29 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/07/21 04:09:00 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010/07/21 04:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/21 04:07:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/07/21 04:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/07/21 04:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/07/21 04:04:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/21 03:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/07/21 03:57:02 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/07/21 03:57:02 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/07/21 03:57:01 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/07/21 03:56:54 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/07/21 03:56:53 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/07/21 03:56:52 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/07/21 03:56:52 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/07/21 03:56:51 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/07/21 03:56:51 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/07/21 03:56:44 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/07/21 03:56:44 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/07/21 03:56:44 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/07/21 03:56:44 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/07/21 03:56:43 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/07/21 03:56:43 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/07/21 03:56:43 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/07/21 03:56:43 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/07/21 03:56:43 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/07/21 03:56:43 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/07/21 03:56:43 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/07/21 03:56:43 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/07/21 03:56:43 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/07/21 03:56:43 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/07/21 03:56:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/07/21 03:56:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/07/21 03:56:38 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/07/21 03:56:38 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/07/21 03:56:36 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/07/21 03:56:36 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/07/21 03:56:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/07/21 03:56:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/07/21 03:56:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/07/21 03:56:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/07/21 03:56:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/07/21 03:56:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/07/21 03:56:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/07/21 03:56:19 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/21 03:56:16 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/07/21 03:56:16 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/07/21 03:56:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/07/21 03:56:13 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/07/21 03:56:13 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/07/21 03:56:13 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/07/21 03:56:13 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/07/21 03:56:13 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/07/21 03:56:13 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/07/21 03:56:07 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/07/21 03:56:07 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/07/21 03:56:07 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/07/21 03:56:07 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/07/21 03:56:05 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/07/21 03:56:05 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/07/21 03:56:04 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/07/21 03:55:59 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/07/21 03:55:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/07/21 03:55:55 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/07/21 03:55:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/07/21 03:55:49 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/07/21 03:55:49 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/07/21 03:55:49 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/07/21 03:55:49 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/07/21 03:55:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/07/21 03:55:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/07/21 03:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/07/21 03:45:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/07/21 03:44:51 | 000,637,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2010/07/21 03:43:36 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/07/21 03:43:36 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/07/21 03:43:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/07/21 03:43:35 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/07/21 03:39:44 | 000,000,000 | R--D | C] -- C:\Users\Ates\Searches
[2010/07/21 03:39:44 | 000,000,000 | -H-D | C] -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/21 03:39:31 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Identities
[2010/07/21 03:39:22 | 000,000,000 | R--D | C] -- C:\Users\Ates\Contacts
[2010/07/21 03:39:20 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\VirtualStore
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\Temporary Internet Files
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Templates
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Start Menu
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\SendTo
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Recent
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\PrintHood
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\NetHood
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Videos
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Pictures
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Music
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\My Documents
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Local Settings
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\History
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Cookies
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Application Data
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\Application Data
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Temp
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Microsoft
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Media Center Programs
[2010/07/21 03:39:05 | 000,000,000 | --SD | C] -- C:\Users\Ates\AppData\Roaming\Microsoft
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Videos
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Saved Games
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Pictures
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Music
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Links
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Favorites
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Downloads
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Documents
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Desktop
[2010/07/21 03:39:05 | 000,000,000 | -H-D | C] -- C:\Users\Ates\AppData
[2010/07/20 15:48:32 | 000,000,000 | ---D | C] -- C:\Qt
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/22 18:08:39 | 001,048,576 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT
[2010/07/22 17:33:39 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 17:33:39 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 17:24:26 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/22 17:24:26 | 000,641,706 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010/07/22 17:24:26 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/22 17:24:26 | 000,126,062 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010/07/22 17:24:26 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/22 17:03:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ates\Desktop\OTL.exe
[2010/07/22 16:19:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/22 11:33:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/22 11:33:26 | 3219,812,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 11:23:55 | 001,808,165 | -H-- | M] () -- C:\Users\Ates\AppData\Local\IconCache.db
[2010/07/22 10:06:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/22 01:09:42 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2010/07/22 01:09:42 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2010/07/22 01:09:41 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010/07/22 00:52:49 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe
[2010/07/22 00:51:29 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\vietxgpix.exe
[2010/07/22 00:45:51 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\wogwaoogy.exe
[2010/07/22 00:44:14 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\obsutgyoc.exe
[2010/07/22 00:37:12 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\hjtoqokki.exe
[2010/07/22 00:35:43 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\blcoahjjc.exe
[2010/07/22 00:30:03 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe
[2010/07/22 00:29:14 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\upwnvajiw.exe
[2010/07/21 13:06:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/21 12:20:44 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/21 12:20:44 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/07/21 09:59:50 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/21 06:01:09 | 000,108,840 | ---- | M] () -- C:\Users\Ates\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/21 05:30:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/21 05:27:46 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/07/21 05:15:52 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/21 05:09:50 | 000,462,849 | -HS- | M] (YBhiz) -- C:\Users\Ates\AppData\Roaming\lsass.exe
[2010/07/21 04:38:16 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2010/07/21 04:38:16 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2010/07/21 03:57:21 | 000,524,288 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:57:21 | 000,524,288 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:57:21 | 000,065,536 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/21 03:41:04 | 000,001,437 | ---- | M] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 03:39:06 | 000,000,020 | -HS- | M] () -- C:\Users\Ates\ntuser.ini
 
========== Files Created - No Company Name ==========
 
[2010/07/22 10:06:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/22 00:52:49 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe
[2010/07/22 00:51:29 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\vietxgpix.exe
[2010/07/22 00:45:50 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\wogwaoogy.exe
[2010/07/22 00:44:14 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\obsutgyoc.exe
[2010/07/22 00:37:12 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\hjtoqokki.exe
[2010/07/22 00:35:43 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\blcoahjjc.exe
[2010/07/22 00:30:03 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe
[2010/07/22 00:29:13 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\upwnvajiw.exe
[2010/07/21 15:35:48 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/07/21 15:35:48 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2010/07/21 12:15:06 | 3219,812,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/21 05:30:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/21 05:15:52 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/21 04:40:08 | 000,641,706 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2010/07/21 04:40:08 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2010/07/21 04:40:08 | 000,126,062 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2010/07/21 04:40:08 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2010/07/21 03:41:04 | 000,001,437 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 03:39:06 | 000,524,288 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:39:06 | 000,524,288 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:39:06 | 000,262,144 | -HS- | C] () -- C:\Users\Ates\ntuser.dat.LOG1
[2010/07/21 03:39:06 | 000,065,536 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/21 03:39:06 | 000,000,290 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/21 03:39:06 | 000,000,272 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/21 03:39:06 | 000,000,020 | -HS- | C] () -- C:\Users\Ates\ntuser.ini
[2010/07/21 03:39:06 | 000,000,000 | -HS- | C] () -- C:\Users\Ates\ntuser.dat.LOG2
[2010/07/21 03:39:05 | 001,048,576 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

--- --- ---


OTL Logfile:
Code:

OTL Extras logfile created on: 7/22/2010 6:08:36 PM - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Ates\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 56.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.71 Gb Total Space | 183.01 Gb Free Space | 63.39% Space Free | Partition Type: NTFS
Drive D: | 9.37 Gb Total Space | 9.30 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ATES-PC
Current User Name: Ates
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Ates\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 7/20/2010 11:15:27 PM | Computer Name = Ates-PC | Source = VSS | ID = 8194
Description =
 
Error - 7/20/2010 11:30:36 PM | Computer Name = Ates-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL".
Die
 abhängige Assemblierung "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.08""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 7/21/2010 11:43:09 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8209
Description = Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt
 für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f.
 
Error - 7/21/2010 11:43:09 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8208
Description = Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4A2)
 für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.
 
Error - 7/21/2010 7:14:06 PM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/21/2010 7:14:06 PM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 7/22/2010 3:58:17 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/22/2010 3:58:17 AM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 7/22/2010 5:42:41 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/22/2010 5:42:41 AM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
[ System Events ]
Error - 7/21/2010 1:32:06 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:32:52 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:32:53 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:35:18 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 7/21/2010 1:37:09 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:37:12 PM | Computer Name = Ates-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{F413484F-0454-4B7F-9D9B-03550CF756AE} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 7/21/2010 1:37:12 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:41:35 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 7/21/2010 7:02:42 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 7/21/2010 7:12:42 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
 
< End of report >

--- --- ---


It's getting pretty tedious by now, almost unbelievable. This is really stressing me out. :(

cosinus 22.07.2010 18:10

Yes, please delete everything. Then restart and create new OTL logs, because MBAM has changed the system.

Edit: You can already run the fix:
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
PRC - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O4 - HKCU..\Run: [MSWUpdate] C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O20 - HKLM Winlogon: Shell - ("C:\Users\Ates\AppData\Roaming\lsass.exe") - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
[2010/07/21 05:08:50 | 000,462,849 | -HS- | C] (YBhiz) -- C:\Users\Ates\AppData\Roaming\lsass.exe
[2010/07/22 00:52:49 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe
[2010/07/22 00:51:29 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\vietxgpix.exe
[2010/07/22 00:45:51 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\wogwaoogy.exe
[2010/07/22 00:44:14 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\obsutgyoc.exe
[2010/07/22 00:37:12 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\hjtoqokki.exe
[2010/07/22 00:35:43 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\blcoahjjc.exe
[2010/07/22 00:30:03 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe
[2010/07/22 00:29:14 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\upwnvajiw.exe
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Run Fixes button!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
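
The entries in the fix above share three traits that can be checked mechanically in an OTL log: a system process name (lsass.exe) outside the Windows directories, a Winlogon Shell value other than explorer.exe, and executables sitting directly in the root of AppData\Roaming. The following triage script is an added example, not part of the thread or of OTL; the list of system names and trusted directories is an assumption, and the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# Assumption: core Windows process names that malware likes to borrow.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "explorer.exe"}
# Assumption: directories where those names legitimately live on a default
# install (winsxs holds the component-store copies).
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64",
                r"c:\windows\sysnative", r"c:\windows\winsxs")

# Absolute path to an .exe; stops at quotes, pipes and brackets used by OTL.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"|\[\]]*?\.exe(?![\w.])', re.I)
# O20 Winlogon Shell line; group 1 is the registry value shown in parentheses.
SHELL_RE = re.compile(r'^O20(?::64bit:)? - HKLM Winlogon: Shell - \((.*?)\) - ')
# Line types examined: running processes, Run keys, Winlogon entries.
KIND_RE = re.compile(r'^(PRC|O4|O20)\b')


def in_trusted_dir(path):
    """True if the file sits in C:\\Windows or one of the trusted subtrees."""
    d = ntpath.dirname(path).lower()
    return d == r"c:\windows" or any(
        d == t or d.startswith(t + "\\") for t in TRUSTED_DIRS)


def check_path(path):
    """Return the rule names a single executable path trips."""
    rules = []
    if ntpath.basename(path).lower() in SYSTEM_NAMES and not in_trusted_dir(path):
        rules.append("masquerade")          # e.g. lsass.exe under a user profile
    if ntpath.dirname(path).lower().endswith(r"\appdata\roaming"):
        rules.append("roaming-root-exe")    # binary dropped in the Roaming root
    return rules


def triage(log_text):
    """Scan OTL log text and return a list of (line_kind, rule, target)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KIND_RE.match(line)
        # File listing lines start with "[date | size | attrs | C/M]".
        kind = m.group(1) if m else ("FILE" if line.startswith("[") else None)
        if kind is None:
            continue
        shell = SHELL_RE.match(line)
        if shell:
            value = shell.group(1).strip('"')
            # Anything but the bare default value is flagged for review.
            if value.lower() != "explorer.exe":
                findings.append((kind, "shell-hijack", value))
        # dict.fromkeys de-duplicates while keeping order (O20 repeats the path).
        for path in dict.fromkeys(PATH_RE.findall(line)):
            for rule in check_path(path):
                findings.append((kind, rule, path))
    return findings


# Sample input: lines copied from the OTL logs and fix script in this thread.
SAMPLE = r"""
PRC - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O4 - HKCU..\Run: [MSWUpdate] C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
O20 - HKLM Winlogon: Shell - ("C:\Users\Ates\AppData\Roaming\lsass.exe") - C:\Users\Ates\AppData\Roaming\lsass.exe (YBhiz)
[2010/07/21 05:08:50 | 000,462,849 | -HS- | C] (YBhiz) -- C:\Users\Ates\AppData\Roaming\lsass.exe
[2010/07/22 00:45:51 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\wogwaoogy.exe
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
"""

if __name__ == "__main__":
    for kind, rule, target in triage(SAMPLE):
        print(f"{kind:4} {rule:17} {target}")
```

A hit is a prompt for manual review of the file and its registry reference, not a verdict; legitimate software can also install into a user profile.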

buenavista62 22.07.2010 18:22

Here you go.
OTL Logfile:
Code:

OTL logfile created on: 7/22/2010 7:15:07 PM - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Ates\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.71 Gb Total Space | 182.03 Gb Free Space | 63.05% Space Free | Partition Type: NTFS
Drive D: | 9.37 Gb Total Space | 9.30 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ATES-PC
Current User Name: Ates
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ates\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Ates\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Ates\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (NETw5s64) Intel(R) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 F3 E4 CB 75 28 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.230.1.103 194.230.1.39
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/07/22 17:26:17 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Canneverbe Limited
[2010/07/22 17:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010/07/22 17:05:04 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Malwarebytes
[2010/07/22 17:04:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/07/22 17:04:47 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/07/22 17:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010/07/22 17:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/22 17:03:33 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Ates\Desktop\OTL.exe
[2010/07/22 01:09:41 | 000,419,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010/07/21 15:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010/07/21 15:35:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010/07/21 13:06:32 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2010/07/21 12:18:42 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010/07/21 12:16:09 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2010/07/21 10:35:17 | 000,000,000 | ---D | C] -- C:\Users\Ates\Documents\Meine empfangenen Dateien
[2010/07/21 09:53:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010/07/21 09:53:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010/07/21 06:09:14 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Avira
[2010/07/21 06:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010/07/21 05:33:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010/07/21 05:33:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework
[2010/07/21 05:33:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/07/21 05:29:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010/07/21 05:28:00 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010/07/21 05:27:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2010/07/21 05:25:34 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Microsoft Help
[2010/07/21 05:25:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/07/21 05:24:25 | 000,000,000 | ---D | C] -- C:\Users\Ates\Tracing
[2010/07/21 05:22:23 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\WinRAR
[2010/07/21 05:21:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2010/07/21 05:15:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2010/07/21 05:15:04 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\DAEMON Tools Lite
[2010/07/21 05:15:02 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010/07/21 05:10:39 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Diagnostics
[2010/07/21 05:00:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\uTorrent
[2010/07/21 04:59:44 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\uTorrent
[2010/07/21 04:54:45 | 000,000,000 | ---D | C] -- C:\Users\Ates\Desktop\Sercan
[2010/07/21 04:39:07 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2010/07/21 04:39:01 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2010/07/21 04:39:00 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\de
[2010/07/21 04:38:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2010/07/21 04:38:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2010/07/21 04:38:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2010/07/21 04:32:56 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
[2010/07/21 04:32:56 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
[2010/07/21 04:32:55 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
[2010/07/21 04:32:54 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
[2010/07/21 04:32:49 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
[2010/07/21 04:32:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
[2010/07/21 04:32:43 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui
[2010/07/21 04:32:43 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui
[2010/07/21 04:32:43 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui
[2010/07/21 04:32:43 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui
[2010/07/21 04:32:43 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui
[2010/07/21 04:32:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui
[2010/07/21 04:32:43 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui
[2010/07/21 04:32:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui
[2010/07/21 04:32:36 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui
[2010/07/21 04:32:36 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui
[2010/07/21 04:32:36 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui
[2010/07/21 04:32:36 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui
[2010/07/21 04:32:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui
[2010/07/21 04:32:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui
[2010/07/21 04:32:36 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui
[2010/07/21 04:32:36 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui
[2010/07/21 04:32:36 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui
[2010/07/21 04:32:36 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui
[2010/07/21 04:32:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui
[2010/07/21 04:32:36 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui
[2010/07/21 04:32:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui
[2010/07/21 04:32:35 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui
[2010/07/21 04:32:34 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui
[2010/07/21 04:32:33 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui
[2010/07/21 04:32:33 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui
[2010/07/21 04:32:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui
[2010/07/21 04:32:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui
[2010/07/21 04:32:31 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui
[2010/07/21 04:32:31 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui
[2010/07/21 04:32:27 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui
[2010/07/21 04:32:26 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui
[2010/07/21 04:32:26 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui
[2010/07/21 04:32:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui
[2010/07/21 04:32:17 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui
[2010/07/21 04:32:17 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui
[2010/07/21 04:32:17 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui
[2010/07/21 04:32:16 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui
[2010/07/21 04:32:14 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui
[2010/07/21 04:32:14 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui
[2010/07/21 04:32:14 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui
[2010/07/21 04:32:14 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui
[2010/07/21 04:32:12 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui
[2010/07/21 04:32:03 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui
[2010/07/21 04:31:58 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui
[2010/07/21 04:31:58 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui
[2010/07/21 04:31:53 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui
[2010/07/21 04:31:48 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui
[2010/07/21 04:31:44 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui
[2010/07/21 04:31:40 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2010/07/21 04:31:40 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui
[2010/07/21 04:31:40 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui
[2010/07/21 04:31:40 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui
[2010/07/21 04:31:40 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui
[2010/07/21 04:31:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui
[2010/07/21 04:31:40 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui
[2010/07/21 04:31:40 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui
[2010/07/21 04:31:39 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui
[2010/07/21 04:31:39 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2010/07/21 04:31:39 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui
[2010/07/21 04:31:39 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui
[2010/07/21 04:31:39 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui
[2010/07/21 04:31:39 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui
[2010/07/21 04:31:39 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui
[2010/07/21 04:31:39 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui
[2010/07/21 04:31:39 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui
[2010/07/21 04:31:39 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui
[2010/07/21 04:31:39 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui
[2010/07/21 04:27:40 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010/07/21 04:27:40 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010/07/21 04:27:40 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010/07/21 04:27:40 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010/07/21 04:27:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010/07/21 04:27:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010/07/21 04:26:13 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Google
[2010/07/21 04:25:27 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Macromedia
[2010/07/21 04:25:27 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Adobe
[2010/07/21 04:25:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2010/07/21 04:18:03 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Apps
[2010/07/21 04:18:02 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Deployment
[2010/07/21 04:09:30 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/07/21 04:09:30 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/07/21 04:09:30 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/07/21 04:09:29 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/07/21 04:09:29 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/07/21 04:09:29 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/07/21 04:09:29 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/07/21 04:09:29 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/07/21 04:09:00 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010/07/21 04:07:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010/07/21 04:07:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/07/21 04:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/07/21 04:07:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/07/21 04:04:51 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010/07/21 03:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/07/21 03:57:02 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010/07/21 03:57:02 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010/07/21 03:57:01 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/07/21 03:56:54 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010/07/21 03:56:53 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010/07/21 03:56:52 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010/07/21 03:56:52 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010/07/21 03:56:51 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010/07/21 03:56:51 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010/07/21 03:56:44 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010/07/21 03:56:44 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010/07/21 03:56:44 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010/07/21 03:56:44 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010/07/21 03:56:43 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010/07/21 03:56:43 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010/07/21 03:56:43 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010/07/21 03:56:43 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010/07/21 03:56:43 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010/07/21 03:56:43 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010/07/21 03:56:43 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010/07/21 03:56:43 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010/07/21 03:56:43 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010/07/21 03:56:43 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010/07/21 03:56:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010/07/21 03:56:43 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010/07/21 03:56:38 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010/07/21 03:56:38 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010/07/21 03:56:36 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010/07/21 03:56:36 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010/07/21 03:56:35 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010/07/21 03:56:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010/07/21 03:56:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010/07/21 03:56:32 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010/07/21 03:56:32 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010/07/21 03:56:32 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010/07/21 03:56:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010/07/21 03:56:19 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010/07/21 03:56:16 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/07/21 03:56:16 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/07/21 03:56:14 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/07/21 03:56:13 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010/07/21 03:56:13 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/07/21 03:56:13 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010/07/21 03:56:13 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/07/21 03:56:13 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/07/21 03:56:13 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/07/21 03:56:07 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010/07/21 03:56:07 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010/07/21 03:56:07 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010/07/21 03:56:07 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010/07/21 03:56:05 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010/07/21 03:56:05 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010/07/21 03:56:04 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010/07/21 03:55:59 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010/07/21 03:55:59 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010/07/21 03:55:55 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010/07/21 03:55:54 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010/07/21 03:55:49 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/07/21 03:55:49 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/07/21 03:55:49 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010/07/21 03:55:49 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010/07/21 03:55:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/07/21 03:55:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/07/21 03:46:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010/07/21 03:45:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2010/07/21 03:44:51 | 000,637,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvuninst.exe
[2010/07/21 03:43:36 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010/07/21 03:43:36 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010/07/21 03:43:35 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010/07/21 03:43:35 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010/07/21 03:39:44 | 000,000,000 | R--D | C] -- C:\Users\Ates\Searches
[2010/07/21 03:39:44 | 000,000,000 | -H-D | C] -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2010/07/21 03:39:31 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Identities
[2010/07/21 03:39:22 | 000,000,000 | R--D | C] -- C:\Users\Ates\Contacts
[2010/07/21 03:39:20 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\VirtualStore
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\Temporary Internet Files
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Templates
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Start Menu
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\SendTo
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Recent
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\PrintHood
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\NetHood
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Videos
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Pictures
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Documents\My Music
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\My Documents
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Local Settings
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\History
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Cookies
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\Application Data
[2010/07/21 03:39:06 | 000,000,000 | -HSD | C] -- C:\Users\Ates\AppData\Local\Application Data
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Temp
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Local\Microsoft
[2010/07/21 03:39:06 | 000,000,000 | ---D | C] -- C:\Users\Ates\AppData\Roaming\Media Center Programs
[2010/07/21 03:39:05 | 000,000,000 | --SD | C] -- C:\Users\Ates\AppData\Roaming\Microsoft
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Videos
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Saved Games
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Pictures
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Music
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Links
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Favorites
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Downloads
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Documents
[2010/07/21 03:39:05 | 000,000,000 | R--D | C] -- C:\Users\Ates\Desktop
[2010/07/21 03:39:05 | 000,000,000 | -H-D | C] -- C:\Users\Ates\AppData
[2010/07/20 15:48:32 | 000,000,000 | ---D | C] -- C:\Qt
 
========== Files - Modified Within 30 Days ==========
 
[2010/07/22 19:12:57 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/22 19:12:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/22 19:12:41 | 3219,812,352 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 19:11:46 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 19:11:46 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 19:11:41 | 001,048,576 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT
[2010/07/22 19:11:39 | 002,715,276 | -H-- | M] () -- C:\Users\Ates\AppData\Local\IconCache.db
[2010/07/22 18:34:48 | 001,512,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/07/22 18:34:48 | 000,652,006 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010/07/22 18:34:48 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/07/22 18:34:48 | 000,129,674 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010/07/22 18:34:48 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/07/22 17:03:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Ates\Desktop\OTL.exe
[2010/07/22 10:06:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/22 01:09:42 | 000,014,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2010/07/22 01:09:42 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2010/07/22 01:09:41 | 000,419,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\systemcpl.dll
[2010/07/22 00:52:49 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe
[2010/07/22 00:51:29 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\vietxgpix.exe
[2010/07/22 00:45:51 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\wogwaoogy.exe
[2010/07/22 00:44:14 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\obsutgyoc.exe
[2010/07/22 00:37:12 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\hjtoqokki.exe
[2010/07/22 00:35:43 | 000,000,000 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\blcoahjjc.exe
[2010/07/22 00:30:03 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe
[2010/07/22 00:29:14 | 000,166,400 | ---- | M] () -- C:\Users\Ates\AppData\Roaming\upwnvajiw.exe
[2010/07/21 13:06:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2010/07/21 12:20:44 | 000,042,045 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010/07/21 12:20:44 | 000,042,045 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010/07/21 09:59:50 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/07/21 06:01:09 | 000,108,840 | ---- | M] () -- C:\Users\Ates\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/21 05:30:53 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/21 05:27:46 | 000,000,478 | ---- | M] () -- C:\Windows\win.ini
[2010/07/21 05:15:52 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/21 04:38:16 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2010/07/21 04:38:16 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2010/07/21 03:57:21 | 000,524,288 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:57:21 | 000,524,288 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:57:21 | 000,065,536 | -HS- | M] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/21 03:41:04 | 000,001,437 | ---- | M] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 03:39:06 | 000,000,020 | -HS- | M] () -- C:\Users\Ates\ntuser.ini
 
========== Files Created - No Company Name ==========
 
[2010/07/22 10:06:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010/07/22 00:52:49 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe
[2010/07/22 00:51:29 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\vietxgpix.exe
[2010/07/22 00:45:50 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\wogwaoogy.exe
[2010/07/22 00:44:14 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\obsutgyoc.exe
[2010/07/22 00:37:12 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\hjtoqokki.exe
[2010/07/22 00:35:43 | 000,000,000 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\blcoahjjc.exe
[2010/07/22 00:30:03 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe
[2010/07/22 00:29:13 | 000,166,400 | ---- | C] () -- C:\Users\Ates\AppData\Roaming\upwnvajiw.exe
[2010/07/21 15:35:48 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010/07/21 15:35:48 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2010/07/21 12:15:06 | 3219,812,352 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/21 05:30:53 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010/07/21 05:15:52 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010/07/21 04:40:08 | 000,652,006 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2010/07/21 04:40:08 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2010/07/21 04:40:08 | 000,129,674 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2010/07/21 04:40:08 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2010/07/21 03:41:04 | 000,001,437 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2010/07/21 03:39:06 | 000,524,288 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010/07/21 03:39:06 | 000,524,288 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010/07/21 03:39:06 | 000,262,144 | -HS- | C] () -- C:\Users\Ates\ntuser.dat.LOG1
[2010/07/21 03:39:06 | 000,065,536 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010/07/21 03:39:06 | 000,000,290 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2010/07/21 03:39:06 | 000,000,272 | ---- | C] () -- C:\Users\Ates\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2010/07/21 03:39:06 | 000,000,020 | -HS- | C] () -- C:\Users\Ates\ntuser.ini
[2010/07/21 03:39:06 | 000,000,000 | -HS- | C] () -- C:\Users\Ates\ntuser.dat.LOG2
[2010/07/21 03:39:05 | 001,048,576 | -HS- | C] () -- C:\Users\Ates\NTUSER.DAT
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

--- --- ---


OTL Logfile:
Code:

OTL Extras logfile created on: 7/22/2010 7:15:07 PM - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\Ates\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 73.00% Memory free
8.00 Gb Paging File | 7.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 288.71 Gb Total Space | 182.03 Gb Free Space | 63.05% Space Free | Partition Type: NTFS
Drive D: | 9.37 Gb Total Space | 9.30 Gb Free Space | 99.21% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ATES-PC
Current User Name: Ates
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Ates\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.0
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 7/21/2010 11:43:09 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8209
Description = Der Authentizitätsstatus ist auf nicht-authentisch (0x00000000) gesetzt
 für die Anwendungs-ID 55c92734-d682-4d71-983e-d6ec3f16059f.
 
Error - 7/21/2010 11:43:09 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8208
Description = Fehler bei der Erfassung des authentischen Tickets (hr=0xC004C4A2)
 für die Vorlagen-ID 66c92734-d682-4d71-983e-d6ec3f16059f.
 
Error - 7/21/2010 7:14:06 PM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/21/2010 7:14:06 PM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 7/22/2010 3:58:17 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/22/2010 3:58:17 AM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 7/22/2010 5:42:41 AM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/22/2010 5:42:41 AM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
Error - 7/22/2010 1:13:05 PM | Computer Name = Ates-PC | Source = Software Protection Platform Service | ID = 8198
Description = Fehler bei der Lizenzaktivierung (slui.exe). Fehlercode:  0x80070005
 
Error - 7/22/2010 1:13:05 PM | Computer Name = Ates-PC | Source = Winlogon | ID = 4103
Description = Fehler bei der Windows-Lizenzaktivierung. Fehler 0x00000000.
 
[ System Events ]
Error - 7/21/2010 1:32:06 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:32:52 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:32:53 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:35:18 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 7/21/2010 1:37:09 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:37:12 PM | Computer Name = Ates-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{F413484F-0454-4B7F-9D9B-03550CF756AE} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 7/21/2010 1:37:12 PM | Computer Name = Ates-PC | Source = NetBT | ID = 4321
Description = Der Name "ATES-PC        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.33  registriert werden. Der Computer mit IP-Adresse 192.168.1.35
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 7/21/2010 1:41:35 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 7/21/2010 7:02:42 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 7/21/2010 7:12:42 PM | Computer Name = Ates-PC | Source = VDS Basic Provider | ID = 33554433
Description =
 
 
< End of report >

--- --- ---

Fix Log.
Quote:

All processes killed
========== OTL ==========
No active process named lsass.exe was found!
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\MSWUpdate not found.
File C:\Users\Ates\AppData\Roaming\lsass.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:"C:\Users\Ates\AppData\Roaming\lsass.exe" deleted successfully.
File C:\Users\Ates\AppData\Roaming\lsass.exe not found.
File C:\Users\Ates\AppData\Roaming\lsass.exe not found.
C:\Users\Ates\AppData\Roaming\pvxkcnwcy.exe moved successfully.
C:\Users\Ates\AppData\Roaming\vietxgpix.exe moved successfully.
C:\Users\Ates\AppData\Roaming\wogwaoogy.exe moved successfully.
C:\Users\Ates\AppData\Roaming\obsutgyoc.exe moved successfully.
C:\Users\Ates\AppData\Roaming\hjtoqokki.exe moved successfully.
C:\Users\Ates\AppData\Roaming\blcoahjjc.exe moved successfully.
C:\Users\Ates\AppData\Roaming\xdxxsbkuc.exe moved successfully.
C:\Users\Ates\AppData\Roaming\upwnvajiw.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Ates
->Temp folder emptied: 314210841 bytes
->Temporary Internet Files folder emptied: 3268046 bytes
->Google Chrome cache emptied: 349516199 bytes
->Flash cache emptied: 2069 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11339589 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 543874 bytes

Total Files Cleaned = 648.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07222010_192848

Files\Folders moved on Reboot...
C:\Users\Ates\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 22.07.2010 19:16

Did you create the new logs first, or run the OTL fix first?

buenavista62 22.07.2010 22:05

First I created the new logs, then restarted, and after that ran the fix. I hope that was the right way to do it.

cosinus 22.07.2010 22:36

OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

buenavista62 23.07.2010 00:36

Here you go.
Quote:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4339

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.07.2010 00:21:40
mbam-log-2010-07-23 (00-21-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 268960
Laufzeit: 41 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Quote:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/23/2010 at 01:33 AM

Application Version : 4.41.1000

Core Rules Database Version : 5250
Trace Rules Database Version: 3062

Scan type : Complete Scan
Total Scan Time : 01:10:38

Memory items scanned : 577
Memory threats detected : 0
Registry items scanned : 12844
Registry threats detected : 0
File items scanned : 147141
File threats detected : 7

Adware.Tracking Cookie
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@atdmt[1].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@mediaplex[2].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@serving-sys[1].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@adserver.devaki[1].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@bs.serving-sys[1].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@apmebf[1].txt
C:\Users\Ates\AppData\Roaming\Microsoft\Windows\Cookies\ates@adfarm1.adition[2].txt

