PING.EXE erheblicher Ressourcenverbrauch

Kawai · 27.08.2011, 18:03

Hallo,
seit gestern abend habe ich das Problem, dass auf meinem Rechner ständig eine Ping.exe ausgeführt wird, die je Speicher und CPU verbraucht desto länger sie läuft. Bei 20min sind das schon mal gut 210MiB RAM und 80%CPU.
Zudem versucht sie sich auf IPs zu verbinden, was Malwarebyte unterbindet.
Diese Ips sind meisten
178.162.135.66
208.73.212.29
208.87.32.69
67.29.139.153 .

Antimalwarebyte fand gestern bei einem Komplettscan folgende Datein

Code:

ATTFilter

c:\Users\Kaimei\AppData\Local\shxtap.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.
c:\Users\Kaimei\AppData\Roaming\Yvqii\arziy.exe (Trojan.Agent) -> Quarantined and deleted successfully.

wenn ich das System heute nach nem Reboot scanne, ist nichts mehr zu finden, jedoch besteht das Problem mit der Ping.exe weiterhin.
Avira findet auch keine Viren.

Ich hoffe es kann mir jemand helfen, das Problem zu beseitigen.

Ich danke schon mal

Da ist das OTL logfile.

Zitat:

OTL logfile created on: 27.08.2011 15:52:25 - Run 2
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Kaimei\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 0,42 Gb Available Physical Memory | 21,15% Memory free
4,00 Gb Paging File | 1,67 Gb Available in Paging File | 41,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 18,16 Gb Free Space | 3,90% Space Free | Partition Type: NTFS

Computer Name: KAIMEI-PC | User Name: Kaimei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kaimei\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\program files (x86)\avira\antivir desktop\avscan.exe (Avira GmbH)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Users\Kaimei\Downloads\utorrent-1.6.1.exe ()
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Users\Kaimei\Desktop\putty06.exe (Simon Tatham)
PRC - C:\Program Files (x86)\Psi\Psi.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
PRC - C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Users\Kaimei\AppData\Roaming\Mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\gecko6\WINNT_x86-msvc\SSSLauncher.dll ()
MOD - C:\Users\Kaimei\Downloads\utorrent-1.6.1.exe ()
MOD - C:\program files (x86)\avira\antivir desktop\sqlite3.dll ()
MOD - C:\Program Files (x86)\Psi\Psi.exe ()
MOD - C:\Program Files (x86)\Psi\QtCore4.dll ()
MOD - C:\Program Files (x86)\Psi\imageformats\qmng4.dll ()
MOD - C:\Program Files (x86)\Psi\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\Psi\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Psi\Qt3Support4.dll ()
MOD - C:\Program Files (x86)\Psi\QtSql4.dll ()
MOD - C:\Program Files (x86)\Psi\QtGui4.dll ()
MOD - C:\Program Files (x86)\Psi\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Psi\QtXml4.dll ()
MOD - C:\Program Files (x86)\Psi\gstprovider.dll ()
MOD - C:\Program Files (x86)\Psi\crypto\qca-gnupg2.dll ()
MOD - C:\Program Files (x86)\Psi\crypto\qca-ossl2.dll ()
MOD - C:\Program Files (x86)\Psi\qca2.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstjpeg.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstvorbis.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgsttheora.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstogg.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstvolume.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstvideoscale.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstvideorate.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgsttypefindfunctions.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstaudioresample.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstdecodebin.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstffmpegcolorspace.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstaudioconvert.dll ()
MOD - C:\Program Files (x86)\Psi\libgstvideo-0.10-0.dll ()
MOD - C:\Program Files (x86)\Psi\libgstrtp-0.10-0.dll ()
MOD - C:\Program Files (x86)\Psi\libgstriff-0.10-0.dll ()
MOD - C:\Program Files (x86)\Psi\libgstpbutils-0.10-0.dll ()
MOD - C:\Program Files (x86)\Psi\libgstnetbuffer-0.10-0.dll ()
MOD - C:\Program Files (x86)\Psi\libgstaudio-0.10-0.dll ()
MOD - C:\Program Files (x86)\Psi\libgsttag-0.10-0.dll ()
MOD - C:\Program Files (x86)\Psi\libgstinterfaces-0.10-0.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstcoreindexers.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstcoreelements.dll ()
MOD - C:\Program Files (x86)\Psi\libgstcontroller-0.10-0.dll ()
MOD - C:\Program Files (x86)\Psi\libgstbase-0.10-0.dll ()
MOD - C:\Program Files (x86)\Psi\libgstreamer-0.10-0.dll ()
MOD - C:\Program Files (x86)\Psi\libssl32.dll ()
MOD - C:\Program Files (x86)\Psi\libeay32.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstspeex.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstrtp.dll ()
MOD - C:\Program Files (x86)\Psi\gstreamer-0.10\libgstlevel.dll ()
MOD - C:\Program Files (x86)\Psi\libspeexdsp-1.dll ()
MOD - C:\Program Files (x86)\Psi\libspeex-1.dll ()
MOD - C:\Program Files (x86)\Psi\libtheoraenc-1.dll ()
MOD - C:\Program Files (x86)\Psi\libtheoradec-1.dll ()
MOD - C:\Program Files (x86)\Psi\libvorbisenc-2.dll ()
MOD - C:\Program Files (x86)\Psi\libvorbis-0.dll ()
MOD - C:\Program Files (x86)\Psi\libogg-0.dll ()
MOD - C:\Program Files (x86)\Psi\liboil-0.3-0.dll ()
MOD - C:\Program Files (x86)\Psi\mingwm10.dll ()
MOD - C:\Program Files (x86)\Psi\aspell-15.dll ()

========== Win32 Services (SafeList) ==========

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_2da1ebd.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PsxDrv) -- C:\Windows\SysNative\drivers\psxdrv.sys (Microsoft Corporation)
DRV:64bit: - (FETNDIS) -- C:\Windows\SysNative\drivers\fet6x64.sys (VIA Technologies, Inc. )
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\SysNative\drivers\Alcwdm64.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (xfiltx64) -- C:\Windows\SysNative\drivers\xfiltx64.sys (VIA Technologies,Inc)
DRV:64bit: - (videX64) -- C:\Windows\SysNative\drivers\videX64.sys (VIA Technologies, Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 2C 77 A7 75 B5 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.17 12:47:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.23 00:10:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.19 07:05:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.15 08:09:38 | 000,000,000 | ---D | M]

[2010.02.08 17:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Extensions
[2010.02.08 17:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.26 18:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions
[2010.12.29 13:34:27 | 000,000,000 | ---D | M] ("XHTML Ruby Support") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{0620B69D-7B58-416d-A92A-0198860C2757}
[2011.08.02 12:06:00 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.07.17 13:38:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.08.24 13:48:28 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.02.08 18:15:23 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2011.06.01 12:43:14 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011.03.23 00:12:23 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.05.15 00:18:01 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.02.08 18:15:23 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.07.17 19:33:37 | 000,000,000 | ---D | M] ("TorrentFlux Add") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{AF77DAB8-8DCE-46d6-99D7-901C063EDA97}
[2011.01.08 01:03:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.08.26 18:36:00 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\flashfirebug@o-minds.com
[2010.03.10 22:38:15 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\illimitux@illimitux.net
[2010.04.19 18:55:06 | 000,000,000 | ---D | M] ("Pastebin.com Quick Paster") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\upload_text@Pastebin.com
[2011.03.22 19:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.17 12:47:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.28 18:47:01 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[1999.12.31 17:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.03.23 00:10:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.23 00:10:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.03.23 00:10:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.23 00:10:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.23 00:10:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.23 00:10:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

Hosts file not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [µTorrent] C:\Users\Kaimei\Downloads\utorrent-1.6.1.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk = C:\Program Files (x86)\Psi\Psi.exe ()
O4 - Startup: C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 196.83.24.208
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\ProgramData\OcLVneIOUmyW.dll) - File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.08.26 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Yvqii
[2011.08.26 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Ydupzu
[2011.08.22 20:59:31 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\noa-x
[2011.08.13 12:50:17 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.08.13 12:50:17 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.08.13 12:50:17 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.08.13 12:50:17 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.08.10 13:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minnetonka Audio
[2011.08.10 13:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minnetonka Audio Software
[2011.08.05 22:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011.08.05 22:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2010.02.08 16:57:57 | 000,120,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011.08.27 16:17:51 | 000,000,250 | ---- | M] () -- C:\Users\Kaimei\mm.cfg
[2011.08.27 15:47:26 | 000,000,600 | ---- | M] () -- C:\Users\Kaimei\AppData\Local\PUTTY.RND
[2011.08.27 13:20:28 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.27 13:20:28 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.27 13:14:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.27 13:14:47 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.26 20:54:13 | 000,000,600 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\winscp.rnd
[2011.08.24 21:18:02 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.24 21:18:02 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.24 21:18:02 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.24 21:18:02 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.24 21:18:02 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.22 20:59:31 | 000,000,306 | ---- | M] () -- C:\Users\Kaimei\Desktop\TS3 Admin.appref-ms
[2011.08.20 00:23:38 | 000,001,861 | ---- | M] () -- C:\Users\Kaimei\attachment.obj
[2011.08.19 21:42:02 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.08.13 11:38:31 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.08.10 15:32:14 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.08.10 15:23:44 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.08.10 15:23:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.08.01 14:54:20 | 000,044,316 | ---- | M] () -- C:\Users\Kaimei\Documents\server.kdb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011.08.24 20:46:26 | 000,001,861 | ---- | C] () -- C:\Users\Kaimei\attachment.obj
[2011.07.16 12:40:57 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2011.07.16 12:40:57 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2011.07.16 12:40:57 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2011.07.16 12:40:57 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2011.07.16 12:40:57 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2011.07.16 11:58:29 | 000,153,088 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2011.07.10 01:17:32 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.27 22:02:26 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.03.24 20:10:00 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.24 20:09:52 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.24 20:09:44 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.12.02 20:05:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\DVDKeyAuth.dll
[2010.09.29 19:34:16 | 000,000,162 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.09.15 08:37:27 | 000,003,584 | ---- | C] () -- C:\Users\Kaimei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 01:02:32 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\utvideo.dll
[2010.06.20 00:18:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.06.20 00:18:54 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010.06.20 00:18:54 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.20 00:18:54 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.06.20 00:18:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.05.08 02:55:00 | 000,000,140 | ---- | C] () -- C:\Windows\winamp.ini
[2010.03.21 19:28:17 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.03.10 08:24:25 | 000,289,568 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.02.18 03:18:36 | 000,000,133 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\default.rss
[2010.02.18 03:13:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.13 01:39:18 | 000,000,028 | ---- | C] () -- C:\Windows\lagarith.ini
[2010.02.11 14:32:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.02.09 17:36:58 | 000,000,600 | ---- | C] () -- C:\Users\Kaimei\AppData\Local\PUTTY.RND
[2010.02.09 15:44:10 | 000,000,600 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\winscp.rnd
[2010.02.09 04:07:26 | 000,002,298 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\ASSDraw3.cfg
[2010.02.08 16:57:57 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2010.02.08 16:57:57 | 000,001,990 | ---- | C] () -- C:\Windows\unins000.dat
[2010.02.08 16:52:01 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2010.02.08 16:51:46 | 000,147,456 | R--- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll
[2010.02.08 16:51:46 | 000,037,376 | R--- | C] () -- C:\Windows\CPLUtl64.exe
[2010.02.08 16:51:44 | 000,000,164 | R--- | C] () -- C:\Windows\avrack.ini
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2004.08.30 14:26:16 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2002.10.16 00:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll

< End of report >

cosinus · 28.08.2011, 16:36

Hallo und

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Custom:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Kawai · 29.08.2011, 06:42

Danke schonmal für deine Hilfe

Da ist wie gesagt das Ergebnis von Malwarebytes, was keine Infektionen mehr findet

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7587

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.08.2011 23:08:23
mbam-log-2011-08-27 (23-07-50).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 709339
Laufzeit: 4 Stunde(n), 5 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:

ATTFilter

OTL logfile created on: 29.08.2011 07:02:35 - Run 3
OTL by OldTimer - Version 3.2.26.5     Folder = C:\Users\Kaimei\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 38,94% Memory free
4,00 Gb Paging File | 2,58 Gb Available in Paging File | 64,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 18,18 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
 
Computer Name: KAIMEI-PC | User Name: Kaimei | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Kaimei\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Windows\SysWOW64\PING.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
PRC - C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_2da1ebd.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (WinVNC4) -- C:\Program Files (x86)\RealVNC\VNC4\WinVNC4.exe (RealVNC Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (PsxDrv) -- C:\Windows\SysNative\drivers\psxdrv.sys (Microsoft Corporation)
DRV:64bit: - (FETNDIS) -- C:\Windows\SysNative\drivers\fet6x64.sys (VIA Technologies, Inc.              )
DRV:64bit: - (RTL8023x64) -- C:\Windows\SysNative\drivers\Rtnic64.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (emAudio) -- C:\Windows\SysNative\drivers\emAudio64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (DCamUSBEMPIA) -- C:\Windows\SysNative\drivers\emDevice64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (FiltUSBEMPIA) -- C:\Windows\SysNative\drivers\emFilter64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ScanUSBEMPIA) -- C:\Windows\SysNative\drivers\emScan64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\SysNative\drivers\Alcwdm64.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (xfiltx64) -- C:\Windows\SysNative\drivers\xfiltx64.sys (VIA Technologies,Inc)
DRV:64bit: - (videX64) -- C:\Windows\SysNative\drivers\videX64.sys (VIA Technologies, Inc.)
DRV:64bit: - (MarvinBus) -- C:\Windows\SysNative\drivers\MarvinBus64.sys (Pinnacle Systems GmbH)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (SASDIFSV) -- C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM) -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3E 2C 77 A7 75 B5 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.709: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.709: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\Win32\npPDFXCviewNPPlugin.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.08.17 12:47:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.23 00:10:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.19 07:05:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.12.15 08:09:38 | 000,000,000 | ---D | M]
 
[2010.02.08 17:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Extensions
[2010.02.08 17:00:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.28 00:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions
[2010.12.29 13:34:27 | 000,000,000 | ---D | M] ("XHTML Ruby Support") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{0620B69D-7B58-416d-A92A-0198860C2757}
[2011.08.02 12:06:00 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2011.07.17 13:38:01 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.08.24 13:48:28 | 000,000,000 | ---D | M] (Html Validator) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{3b56bcc7-54e5-44a2-9b44-66c3ef58c13e}
[2010.02.08 18:15:23 | 000,000,000 | ---D | M] (Mega Manager Integration) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{40a1f5d7-afc2-498f-b264-02668d616ff6}
[2011.06.01 12:43:14 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2011.03.23 00:12:23 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2011.05.15 00:18:01 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010.02.08 18:15:23 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.07.17 19:33:37 | 000,000,000 | ---D | M] ("TorrentFlux Add") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{AF77DAB8-8DCE-46d6-99D7-901C063EDA97}
[2011.01.08 01:03:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2011.08.26 18:36:00 | 000,000,000 | ---D | M] (FlashFirebug) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\flashfirebug@o-minds.com
[2010.03.10 22:38:15 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\illimitux@illimitux.net
[2010.04.19 18:55:06 | 000,000,000 | ---D | M] ("Pastebin.com Quick Paster") -- C:\Users\Kaimei\AppData\Roaming\mozilla\Firefox\Profiles\fcnyq30v.default\extensions\upload_text@Pastebin.com
[2011.03.22 19:36:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.08.17 12:47:38 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.28 18:47:01 | 000,061,832 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files (x86)\mozilla firefox\plugins\npatgpc.dll
[1999.12.31 17:00:00 | 000,164,120 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.03.23 00:10:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.23 00:10:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.03.23 00:10:01 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.23 00:10:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.23 00:10:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.23 00:10:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [SoundMan] C:\Windows\soundman.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [µTorrent] C:\Users\Kaimei\Downloads\utorrent-1.6.1.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - Startup: C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Psi.lnk = C:\Program Files (x86)\Psi\Psi.exe ()
O4 - Startup: C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Skype.lnk =  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 196.83.24.208
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: AppSecDll - (C:\ProgramData\OcLVneIOUmyW.dll) -  File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe ()
MsConfig:64bit - StartUpReg: PCLEUSBTip - hkey= - key= - C:\Program Files (x86)\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
MsConfig:64bit - StartUpReg: Share - hkey= - key= - C:\Users\Kaimei\Desktop\Share Client\Share.exe ()
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files\CS1.6\Steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MsConfig:64bit - StartUpReg: USBToolTip - hkey= - key= - C:\Program Files (x86)\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {13KP1HCO-DQ56-LPVW-7N04-V32O5CC3JG40} - C:\Windows\system32\System32\WinUpdates.exe Restart
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: {ZEQ2GQ1B-MY0K-U6HR-2ENY-9LU4ENX7GR10} - C:\Users\Kaimei\AppData\Local\Temp\holyshit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.lameacm - LameACM.acm (hxxp://www.mp3dev.org/)
Drivers32:64bit: VIDC.I420 -  File not found
Drivers32:64bit: VIDC.LAGS - lagarith.dll ( )
Drivers32:64bit: VIDC.ULRA - C:\Windows\system32\utvideo.dll ()
Drivers32:64bit: VIDC.ULRG - C:\Windows\system32\utvideo.dll ()
Drivers32:64bit: VIDC.ULY0 - C:\Windows\system32\utvideo.dll ()
Drivers32:64bit: VIDC.ULY2 - C:\Windows\system32\utvideo.dll ()
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\PROGRA~2\COMBIN~1\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.HYMT - C:\Windows\SysWow64\huffyuv_mt.dll (Disappearing Inc.)
Drivers32: VIDC.LAGS - C:\Windows\SysWow64\lagarith.dll ( )
Drivers32: VIDC.ULRA - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.ULRG - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.ULY0 - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.ULY2 - C:\Windows\SysWOW64\utvideo.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.28 18:03:00 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2011.08.26 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Yvqii
[2011.08.26 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Ydupzu
[2011.08.22 20:59:31 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\noa-x
[2011.08.13 12:50:17 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.08.13 12:50:17 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.08.13 12:50:17 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.08.13 12:50:17 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.08.10 13:41:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minnetonka Audio
[2011.08.10 13:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Minnetonka Audio Software
[2011.08.05 22:50:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack
[2011.08.05 22:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Combined Community Codec Pack
[2010.02.08 16:57:57 | 000,120,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.29 07:02:39 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.29 07:02:39 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.29 07:02:37 | 000,000,034 | ---- | M] () -- C:\Users\Kaimei\mm.cfg
[2011.08.29 06:56:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.29 06:56:19 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.27 17:44:56 | 000,000,600 | ---- | M] () -- C:\Users\Kaimei\AppData\Local\PUTTY.RND
[2011.08.26 20:54:13 | 000,000,600 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\winscp.rnd
[2011.08.24 21:18:02 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.24 21:18:02 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.24 21:18:02 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.24 21:18:02 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.24 21:18:02 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.22 20:59:31 | 000,000,306 | ---- | M] () -- C:\Users\Kaimei\Desktop\TS3 Admin.appref-ms
[2011.08.20 00:23:38 | 000,001,861 | ---- | M] () -- C:\Users\Kaimei\attachment.obj
[2011.08.19 21:42:02 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2011.08.10 15:32:14 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.08.10 15:23:44 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.08.10 15:23:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.08.10 15:23:36 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2011.08.10 15:23:30 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2011.08.01 14:54:20 | 000,044,316 | ---- | M] () -- C:\Users\Kaimei\Documents\server.kdb
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.24 20:46:26 | 000,001,861 | ---- | C] () -- C:\Users\Kaimei\attachment.obj
[2011.07.16 12:40:57 | 000,196,096 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2011.07.16 12:40:57 | 000,138,752 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2011.07.16 12:40:57 | 000,136,192 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2011.07.16 12:40:57 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2011.07.16 12:40:57 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2011.07.16 11:58:29 | 000,153,088 | ---- | C] () -- C:\Program Files (x86)\UNWISE.EXE
[2011.07.10 01:17:32 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.27 22:02:26 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011.03.24 20:10:00 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.03.24 20:09:52 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.03.24 20:09:44 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.12.02 20:05:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\DVDKeyAuth.dll
[2010.09.29 19:34:16 | 000,000,162 | ---- | C] () -- C:\Windows\Readiris.ini
[2010.09.15 08:37:27 | 000,003,584 | ---- | C] () -- C:\Users\Kaimei\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.26 01:02:32 | 000,135,168 | ---- | C] () -- C:\Windows\SysWow64\utvideo.dll
[2010.06.20 00:18:57 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.06.20 00:18:54 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2010.06.20 00:18:54 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.06.20 00:18:54 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.06.20 00:18:50 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.05.08 02:55:00 | 000,000,140 | ---- | C] () -- C:\Windows\winamp.ini
[2010.03.21 19:28:17 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.03.10 08:24:25 | 000,289,568 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.02.18 03:18:36 | 000,000,133 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\default.rss
[2010.02.18 03:13:21 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.13 01:39:18 | 000,000,028 | ---- | C] () -- C:\Windows\lagarith.ini
[2010.02.11 14:32:07 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.02.09 17:36:58 | 000,000,600 | ---- | C] () -- C:\Users\Kaimei\AppData\Local\PUTTY.RND
[2010.02.09 15:44:10 | 000,000,600 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\winscp.rnd
[2010.02.09 04:07:26 | 000,002,298 | ---- | C] () -- C:\Users\Kaimei\AppData\Roaming\ASSDraw3.cfg
[2010.02.08 16:57:57 | 000,695,642 | ---- | C] () -- C:\Windows\unins000.exe
[2010.02.08 16:57:57 | 000,001,990 | ---- | C] () -- C:\Windows\unins000.dat
[2010.02.08 16:52:01 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\ChCfg.exe
[2010.02.08 16:51:46 | 000,147,456 | R--- | C] () -- C:\Windows\SysWow64\RtlCPAPI.dll
[2010.02.08 16:51:46 | 000,037,376 | R--- | C] () -- C:\Windows\CPLUtl64.exe
[2010.02.08 16:51:44 | 000,000,164 | R--- | C] () -- C:\Windows\avrack.ini
[2009.10.20 20:19:30 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2004.08.30 14:26:16 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2002.10.16 00:54:04 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
 
========== LOP Check ==========
 
[2011.07.18 11:36:21 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\.minecraft
[2010.10.20 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Acronis
[2011.07.24 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Aegisub
[2011.05.19 22:59:23 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\aog
[2011.05.02 22:59:24 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Audacity
[2010.03.09 21:45:31 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Azureus
[2010.02.09 04:06:08 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\com.adobe.ExMan
[2010.04.05 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DAEMON Tools Lite
[2011.04.15 20:55:32 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\deluge
[2010.11.09 21:36:09 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoft
[2010.09.15 08:30:50 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.14 00:07:54 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FileZilla
[2010.07.15 20:18:41 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FlashFXP
[2011.07.07 07:05:07 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\go
[2010.03.03 16:02:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\gtk-2.0
[2010.12.02 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\HandBrake
[2011.07.22 15:06:25 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\HLSW
[2011.08.26 12:41:59 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\ICQ
[2010.04.15 21:33:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KeePass
[2010.11.20 15:06:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kompozer.net
[2010.02.16 00:50:18 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kSub
[2010.02.08 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc
[2010.07.27 21:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc4
[2010.05.12 20:56:34 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient
[2010.05.11 18:46:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.05.07 21:15:12 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Mael
[2010.04.24 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Miranda
[2011.05.28 21:18:06 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\MySQL
[2010.12.01 14:13:24 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Notepad++
[2010.03.16 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\OpenOffice.org
[2010.06.06 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\streamripper
[2010.04.09 21:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Subversion
[2010.10.22 19:38:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeamViewer
[2011.08.24 22:20:28 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeraCopy
[2010.05.08 03:02:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thinstall
[2010.02.08 17:00:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thunderbird
[2010.07.11 00:39:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TrueCrypt
[2011.05.22 16:47:23 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TS3Client
[2011.02.16 00:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TuneUp Software
[2010.05.19 17:59:11 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Usenet.nl
[2011.08.29 06:58:08 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\uTorrent
[2010.02.09 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Yamb
[2010.09.29 18:35:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\YCanPDF
[2011.08.26 19:27:28 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Ydupzu
[2011.08.27 01:17:07 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Yvqii
[2011.08.26 18:28:28 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.07.18 11:36:21 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\.minecraft
[2010.10.20 16:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Acronis
[2011.03.16 16:55:01 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Adobe
[2011.07.24 20:56:20 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Aegisub
[2011.05.19 22:59:23 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\aog
[2010.11.09 19:29:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Apple Computer
[2011.05.02 22:59:24 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Audacity
[2010.11.12 12:06:41 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Avira
[2010.03.09 21:45:31 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Azureus
[2010.02.09 04:06:08 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\com.adobe.ExMan
[2010.04.05 22:03:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DAEMON Tools Lite
[2011.04.15 20:55:32 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\deluge
[2010.07.12 02:32:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DivX
[2010.09.21 15:22:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\dvdcss
[2010.11.09 21:36:09 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoft
[2010.09.15 08:30:50 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.14 00:07:54 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FileZilla
[2010.07.15 20:18:41 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\FlashFXP
[2011.07.07 07:05:07 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\go
[2010.03.03 16:02:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\gtk-2.0
[2010.12.02 20:38:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\HandBrake
[2011.07.22 15:06:25 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\HLSW
[2011.08.26 12:41:59 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\ICQ
[2010.02.08 16:28:32 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Identities
[2011.07.16 12:38:26 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\InstallShield
[2010.04.15 21:33:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KeePass
[2010.11.20 15:06:58 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kompozer.net
[2010.02.16 00:50:18 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\kSub
[2010.02.08 18:17:51 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc
[2010.07.27 21:07:30 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\KVIrc4
[2010.05.12 20:56:34 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient
[2010.05.11 18:46:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010.02.08 17:02:15 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Macromedia
[2010.05.07 21:15:12 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Mael
[2010.02.24 21:30:47 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Media Center Programs
[2011.08.05 22:52:22 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Media Player Classic
[2010.11.23 22:25:58 | 000,000,000 | --SD | M] -- C:\Users\Kaimei\AppData\Roaming\Microsoft
[2010.04.24 16:16:48 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Miranda
[2011.02.16 19:47:07 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\mIRC
[2010.02.08 16:32:39 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Mozilla
[2011.05.28 21:18:06 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\MySQL
[2010.02.16 14:47:25 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Nero
[2010.12.01 14:13:24 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Notepad++
[2010.03.16 21:53:56 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\OpenOffice.org
[2010.11.07 00:03:04 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\PSpad
[2010.06.20 01:16:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Real
[2011.02.08 17:09:01 | 000,000,000 | RH-D | M] -- C:\Users\Kaimei\AppData\Roaming\SecuROM
[2011.08.29 06:58:13 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Skype
[2011.05.28 16:03:13 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\SkypePM
[2010.06.06 23:21:22 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\streamripper
[2010.04.09 21:57:44 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Subversion
[2010.02.24 22:45:28 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\SUPERAntiSpyware.com
[2011.01.29 21:29:15 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\teamspeak2
[2010.10.22 19:38:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeamViewer
[2011.08.24 22:20:28 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TeraCopy
[2010.05.08 03:02:52 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thinstall
[2010.02.08 17:00:10 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Thunderbird
[2011.03.13 01:01:57 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TortoiseGit
[2010.05.05 20:26:02 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TortoiseSVN
[2010.07.11 00:39:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TrueCrypt
[2011.05.22 16:47:23 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TS3Client
[2011.02.16 00:56:19 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\TuneUp Software
[2010.05.19 17:59:11 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Usenet.nl
[2011.08.29 06:58:08 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\uTorrent
[2011.07.22 17:03:25 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\vlc
[2011.05.01 21:50:53 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Winamp
[2010.02.08 22:41:21 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\WinRAR
[2010.02.09 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Yamb
[2010.09.29 18:35:35 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\YCanPDF
[2011.08.26 19:27:28 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Ydupzu
[2011.08.27 01:17:07 | 000,000,000 | ---D | M] -- C:\Users\Kaimei\AppData\Roaming\Yvqii
 
< %APPDATA%\*.exe /s >
[2010.05.11 18:02:49 | 000,038,784 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011.07.16 12:15:28 | 000,029,926 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Installer\{6DE721A5-5E89-4D74-994C-652BB3C0672E}\ARPPRODUCTICON.exe
[2011.01.03 17:05:37 | 000,005,120 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Installer\{7E60C9C0-B135-41FE-8EEA-0B021BB63234}\Icon7E60C9C0.exe
[2011.07.10 20:10:28 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
[2011.07.10 20:10:28 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
[2011.07.10 20:10:28 | 000,008,854 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
[2011.03.06 15:29:08 | 000,119,808 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
[2008.12.02 08:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI.exe
[2008.12.01 13:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI32.exe
[2008.12.01 13:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\UnInstallMSI64.exe
[2008.11.26 06:57:44 | 000,737,280 | R--- | M] () -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\USBAutoRun.exe
[2008.11.26 13:59:32 | 006,450,574 | R--- | M] (Macrovision Corporation) -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Templates\F\tools\LGInternetKit_V3.0.0.24_Setup.exe
[2011.03.19 17:22:09 | 000,188,152 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Mozilla\Firefox\Profiles\fcnyq30v.default\FlashGot.exe
[2011.07.28 14:00:22 | 000,045,056 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Mozilla\Firefox\Profiles\fcnyq30v.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
[2009.06.29 08:26:54 | 000,235,764 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Yamb\MP4Box.exe
[2010.02.09 18:12:35 | 000,128,682 | ---- | M] (hxxp://yamb.unite-video.com) -- C:\Users\Kaimei\AppData\Roaming\Yamb\Uninstall.exe
[2009.06.29 14:15:54 | 002,424,832 | ---- | M] (Kurtnoise) -- C:\Users\Kaimei\AppData\Roaming\Yamb\Yamb.exe
[2009.05.03 20:25:40 | 001,871,360 | ---- | M] (madshi.net) -- C:\Users\Kaimei\AppData\Roaming\Yamb\eac3to\eac3to.exe
[2009.06.07 11:10:40 | 002,282,496 | ---- | M] () -- C:\Users\Kaimei\AppData\Roaming\Yamb\mkvextract\mkvextract.exe
 
< %SYSTEMDRIVE%\*.exe >
[2009.09.11 17:22:34 | 000,592,208 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2009.06.19 19:28:22 | 001,030,674 | ---- | M] () -- C:\x264.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2010.01.21 20:08:05 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\500 GB  platte\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
[2010.01.21 20:08:05 | 000,037,520 | ---- | M] (perl.org) MD5=2852D57385C4709EAAE2F9DB01AD3672 -- C:\xampp\perl\site\lib\auto\Win32\EventLog\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: VIAMRAID.SYS  >
[2006.11.08 15:25:24 | 000,116,688 | R--- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Users\Kaimei\Downloads\via_raid_vista_mb\VIARaid\DRIVER\Raid\winnt40\viamraid.sys
[2006.11.08 15:25:24 | 000,116,688 | R--- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\drvdisk\i386\NT4\viamraid.sys
[2006.11.08 15:25:24 | 000,116,688 | R--- | M] (VIA Technologies inc,.ltd) MD5=68B41DFA083C2734340BA254532700F3 -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\VIARaid\DRIVER\Raid\winnt40\viamraid.sys
[2006.11.08 15:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Users\Kaimei\Downloads\via_raid_vista_mb\VIARaid\DRIVER\Raid\winxp\viamraid.sys
[2006.11.08 15:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\drvdisk\i386\NT5\viamraid.sys
[2006.11.08 15:23:52 | 000,102,912 | R--- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Users\Kaimei\Downloads\VIA4in1_MB\VIA\VIARaid\DRIVER\Raid\winxp\viamraid.sys
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 29.08.2011, 10:25

Zitat:

Datenbank Version: 7587

Du hast Malwarebytes vorher nicht aktualisiert. Bitte updaten und einen Vollscan machen.

Kawai · 29.08.2011, 12:40

Ok, Datenbank noch mal neu aktuallisiert. Der Scan läuft.
Habe gerade gesehen, dass er die OTL Datei irgendwie nicht in den Anhang packen wollte. Habs daher neu angehängt und melde mich wieder wenn der Malwarebyte Scan in ca 4Std. fertig ist.

Kawai · 29.08.2011, 16:08

Hier noch mal das Ergebnis eines neuen Scans mit einer zuvor aktualisierten DB Version.
Ich hoffe du kannst mir jetzt besser helfen und bedanke mich schon mal.

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7604

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.08.2011 17:05:49
mbam-log-2011-08-29 (17-05-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 718406
Laufzeit: 3 Stunde(n), 25 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus · 29.08.2011, 18:28

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Kawai · 30.08.2011, 14:45

Da ist das Log vom ESET Scan

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=1ed60f3dcfaa2c42a7d1dac497c3b1f1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-30 01:23:43
# local_time=2011-08-30 03:23:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 47598876 47598876 0 0
# compatibility_mode=1797 16775145 100 94 176749 51173204 180299 0
# compatibility_mode=5893 16776573 100 94 49003157 67045619 0 0
# compatibility_mode=8192 67108863 100 0 165 165 0 0
# scanned=543728
# found=8
# cleaned=0
# scan_time=70679
C:\Program Files (x86)\pdfforge Toolbar\SearchSettings.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\pdfforge Toolbar\SearchSettingsRes409.dll	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\pdfforge Toolbar\WidgiHelper.exe	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\1780f4d-48a2202e	a variant of Java/Agent.DI trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\7137dbc2-4b0ee5b8	a variant of Java/Agent.DI trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\316b249c-1063ed7a	a variant of Java/Agent.DI trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\7a94429-51f3c2c1	a variant of Java/Agent.DI trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Kaimei\Downloads\backups\backup-20110310-172924-111.dll	Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I

cosinus · 30.08.2011, 15:39

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell - "" = AutoRun
O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
[2011.08.26 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Yvqii
[2011.08.26 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Ydupzu
[2011.08.22 20:59:31 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\noa-x
[2010.02.08 16:57:57 | 000,120,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2011.08.20 00:23:38 | 000,001,861 | ---- | M] () -- C:\Users\Kaimei\attachment.obj
:Files
C:\Program Files (x86)\pdfforge Toolbar
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Kawai · 30.08.2011, 17:37

Ausgeführt und da ist das Log vom OTL.
Die Ping.exe wird gedoch weiterhin sofort nach Sys. Start in der Prozessliste aufgeführt und Malwarebytes meldet sich auch weiterhin.

Code:

ATTFilter

All processes killed
Error: Unable to interpret <O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {542e4d79-1970-4e95-9862-fdb96f61b280} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.> in the current context!
Error: Unable to interpret <O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()> in the current context!
Error: Unable to interpret <O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()> in the current context!
Error: Unable to interpret <O32 - HKLM CDRom: AutoRun - 1> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{c9a61382-02b0-11e0-b402-0030840a0c0e}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe> in the current context!
Error: Unable to interpret <[2011.08.26 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Yvqii> in the current context!
Error: Unable to interpret <[2011.08.26 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Ydupzu> in the current context!
Error: Unable to interpret <[2011.08.22 20:59:31 | 000,000,000 | ---D | C] -- C:\Users\Kaimei\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\noa-x> in the current context!
Error: Unable to interpret <[2010.02.08 16:57:57 | 000,120,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll> in the current context!
Error: Unable to interpret <[2011.08.20 00:23:38 | 000,001,861 | ---- | M] () -- C:\Users\Kaimei\attachment.obj> in the current context!
========== FILES ==========
C:\Program Files (x86)\pdfforge Toolbar\SSFF\components folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF\chrome\skin folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF\chrome\locale\en-US folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF\chrome\locale folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF\chrome\content folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF\chrome folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\SSFF folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\1.1.2 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\components folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\skin folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\locale\EN-US folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\locale folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome\content folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF\chrome folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\FF folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1a209876-74742f86-n folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\6d0ad391-4b9d5362-n folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Kaimei\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Eltern
->Temp folder emptied: 33219786 bytes
->Temporary Internet Files folder emptied: 11097291 bytes
->Java cache emptied: 23648256 bytes
->FireFox cache emptied: 222705195 bytes
->Flash cache emptied: 57067 bytes
 
User: Kaimei
->Temp folder emptied: 77470988 bytes
->Temporary Internet Files folder emptied: 62253537 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 72289615 bytes
->Flash cache emptied: 143134 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13436416 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 493,00 mb
 
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.26.5 log created on 08302011_182813

Files\Folders moved on Reboot...
C:\Users\Kaimei\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus · 31.08.2011, 10:14

Zitat:

Start in der Prozessliste aufgeführt und Malwarebytes meldet sich auch weiterhin.

Ja und Log dazu?? Bisher hast du nur Logs ohne Funde von Malwarebytes gepostet,.

Kawai · 31.08.2011, 12:46

Da wenns dir weiterhilft

Code:

ATTFilter

18:28:15	Kaimei	MESSAGE	Protection started successfully
18:28:20	Kaimei	MESSAGE	IP Protection started successfully
18:28:34	Kaimei	IP-BLOCK	188.229.90.137 (Type: outgoing, Port: 1325, Process: svchost.exe)
18:28:34	Kaimei	IP-BLOCK	188.229.90.137 (Type: outgoing, Port: 1323, Process: svchost.exe)
18:30:14	Kaimei	IP-BLOCK	188.229.90.137 (Type: incoming, Port: 1323, Process: svchost.exe)
18:30:14	Kaimei	IP-BLOCK	188.229.90.137 (Type: incoming, Port: 1325, Process: svchost.exe)
18:35:22	Kaimei	IP-BLOCK	195.3.145.252 (Type: outgoing, Port: 1463, Process: ping.exe)
18:35:38	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1466, Process: ping.exe)
18:35:38	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1467, Process: ping.exe)
18:35:54	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1471, Process: ping.exe)
18:35:54	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1472, Process: ping.exe)
18:37:00	Kaimei	IP-BLOCK	91.220.0.49 (Type: outgoing, Port: 1696, Process: ping.exe)
18:37:00	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1700, Process: ping.exe)
18:37:00	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1701, Process: ping.exe)
18:37:08	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 1707, Process: ping.exe)
18:37:16	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 1714, Process: ping.exe)
18:37:24	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1725, Process: ping.exe)
18:37:24	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1726, Process: ping.exe)
18:37:33	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1735, Process: ping.exe)
18:37:33	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1736, Process: ping.exe)
18:37:33	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1738, Process: ping.exe)
18:37:33	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1739, Process: ping.exe)
18:37:50	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 1746, Process: ping.exe)
18:37:58	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1748, Process: ping.exe)
18:37:58	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1749, Process: ping.exe)
18:38:14	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 1772, Process: ping.exe)
18:38:14	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1777, Process: ping.exe)
18:38:14	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1778, Process: ping.exe)
18:38:22	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1783, Process: ping.exe)
18:38:22	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1784, Process: ping.exe)
18:38:30	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1794, Process: ping.exe)
18:38:30	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1795, Process: ping.exe)
18:38:38	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1803, Process: ping.exe)
18:38:38	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1804, Process: ping.exe)
18:38:46	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1810, Process: ping.exe)
18:38:46	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1811, Process: ping.exe)
18:38:54	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1813, Process: ping.exe)
18:38:54	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1814, Process: ping.exe)
18:38:55	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1819, Process: ping.exe)
18:38:55	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1820, Process: ping.exe)
18:38:55	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1825, Process: ping.exe)
18:38:55	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1826, Process: ping.exe)
18:38:55	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1828, Process: ping.exe)
18:38:55	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1829, Process: ping.exe)
18:39:03	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1850, Process: ping.exe)
18:39:03	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1851, Process: ping.exe)
18:39:11	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1860, Process: ping.exe)
18:39:11	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1861, Process: ping.exe)
18:39:11	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1863, Process: ping.exe)
18:39:11	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1864, Process: ping.exe)
18:39:19	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1869, Process: ping.exe)
18:39:19	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1870, Process: ping.exe)
18:39:19	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1872, Process: ping.exe)
18:39:19	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1873, Process: ping.exe)
18:39:27	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1877, Process: ping.exe)
18:39:27	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1878, Process: ping.exe)
18:39:27	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1889, Process: ping.exe)
18:39:27	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1890, Process: ping.exe)
18:39:36	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 1895, Process: ping.exe)
18:39:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1898, Process: ping.exe)
18:39:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1899, Process: ping.exe)
18:39:44	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1903, Process: ping.exe)
18:39:44	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1904, Process: ping.exe)
18:39:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1927, Process: ping.exe)
18:39:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1928, Process: ping.exe)
18:39:52	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1931, Process: ping.exe)
18:39:52	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1932, Process: ping.exe)
18:40:00	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1937, Process: ping.exe)
18:40:00	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1938, Process: ping.exe)
18:40:08	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1958, Process: ping.exe)
18:40:08	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 1962, Process: ping.exe)
18:40:16	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1978, Process: ping.exe)
18:40:16	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 1979, Process: ping.exe)
18:40:16	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1981, Process: ping.exe)
18:40:16	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 1982, Process: ping.exe)
18:40:40	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 2009, Process: ping.exe)
18:40:41	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 2010, Process: ping.exe)
18:40:41	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2011, Process: ping.exe)
18:40:41	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2013, Process: ping.exe)
18:40:49	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2053, Process: ping.exe)
18:40:49	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2054, Process: ping.exe)
18:41:05	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2061, Process: ping.exe)
18:41:05	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2062, Process: ping.exe)
18:41:21	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2076, Process: ping.exe)
18:41:21	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2077, Process: ping.exe)
18:41:29	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2083, Process: ping.exe)
18:41:30	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2084, Process: ping.exe)
18:41:38	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2086, Process: ping.exe)
18:41:38	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2087, Process: ping.exe)
18:42:02	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2095, Process: ping.exe)
18:42:02	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2096, Process: ping.exe)
18:42:50	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 2111, Process: firefox.exe)
18:42:50	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 2112, Process: firefox.exe)
18:45:57	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2286, Process: ping.exe)
18:46:13	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2300, Process: ping.exe)
18:46:29	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2322, Process: ping.exe)
18:46:37	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2353, Process: ping.exe)
18:46:45	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2362, Process: ping.exe)
18:47:02	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2372, Process: ping.exe)
18:47:18	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2390, Process: ping.exe)
18:47:26	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2397, Process: ping.exe)
18:47:26	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2398, Process: ping.exe)
18:47:50	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2512, Process: ping.exe)
18:47:51	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2517, Process: ping.exe)
18:48:07	Kaimei	IP-BLOCK	91.220.0.49 (Type: outgoing, Port: 2553, Process: ping.exe)
18:48:07	Kaimei	IP-BLOCK	91.220.0.49 (Type: outgoing, Port: 2554, Process: ping.exe)
18:48:07	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2560, Process: ping.exe)
18:48:07	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2561, Process: ping.exe)
18:48:07	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2583, Process: ping.exe)
18:48:15	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 2612, Process: ping.exe)
18:48:15	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 2613, Process: ping.exe)
18:48:23	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2674, Process: ping.exe)
18:48:23	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2675, Process: ping.exe)
18:48:47	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2858, Process: ping.exe)
18:48:55	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2909, Process: ping.exe)
18:48:55	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2910, Process: ping.exe)
18:49:03	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 2960, Process: ping.exe)
18:49:03	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2978, Process: ping.exe)
18:49:03	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 2979, Process: ping.exe)
18:49:12	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2992, Process: ping.exe)
18:49:12	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 2993, Process: ping.exe)
18:49:12	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 2997, Process: ping.exe)
18:49:12	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 2998, Process: ping.exe)
18:49:12	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3001, Process: ping.exe)
18:49:12	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3002, Process: ping.exe)
18:49:28	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3014, Process: ping.exe)
18:49:28	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3015, Process: ping.exe)
18:49:44	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3044, Process: ping.exe)
18:49:44	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3045, Process: ping.exe)
18:49:44	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 3047, Process: ping.exe)
18:49:44	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 3048, Process: ping.exe)
18:49:44	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 3054, Process: ping.exe)
18:50:00	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 3068, Process: ping.exe)
18:50:00	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 3069, Process: ping.exe)
18:50:00	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3075, Process: ping.exe)
18:50:00	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3076, Process: ping.exe)
18:50:24	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3124, Process: ping.exe)
18:50:24	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3125, Process: ping.exe)
18:50:24	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3142, Process: ping.exe)
18:50:24	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3143, Process: ping.exe)
18:50:48	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 3203, Process: ping.exe)
18:50:48	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 3204, Process: ping.exe)
18:50:48	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3208, Process: ping.exe)
18:50:49	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3209, Process: ping.exe)
18:50:57	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3211, Process: ping.exe)
18:50:57	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 3212, Process: ping.exe)
18:51:21	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 3218, Process: ping.exe)
18:51:21	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 3219, Process: ping.exe)
18:51:21	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 3222, Process: ping.exe)
18:51:21	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 3223, Process: ping.exe)
18:51:53	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 3333, Process: ping.exe)
18:51:53	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 3334, Process: ping.exe)
18:57:49	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 4161, Process: ping.exe)
18:57:50	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 4162, Process: ping.exe)
18:57:58	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4170, Process: ping.exe)
18:57:58	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4171, Process: ping.exe)
18:58:14	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 4186, Process: ping.exe)
18:58:38	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 4214, Process: ping.exe)
18:59:03	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 4262, Process: ping.exe)
18:59:03	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 4263, Process: ping.exe)
18:59:20	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 4307, Process: ping.exe)
18:59:28	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 4324, Process: ping.exe)
18:59:28	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 4325, Process: ping.exe)
18:59:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4338, Process: ping.exe)
18:59:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4339, Process: ping.exe)
18:59:52	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 4508, Process: ping.exe)
18:59:52	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 4509, Process: ping.exe)
18:59:52	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 4536, Process: ping.exe)
19:00:08	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4574, Process: ping.exe)
19:00:08	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4575, Process: ping.exe)
19:00:08	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4577, Process: ping.exe)
19:00:08	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4578, Process: ping.exe)
19:00:16	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4584, Process: ping.exe)
19:00:16	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4585, Process: ping.exe)
19:00:41	Kaimei	IP-BLOCK	91.220.0.49 (Type: outgoing, Port: 4666, Process: ping.exe)
19:00:50	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4700, Process: ping.exe)
19:00:50	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4702, Process: ping.exe)
19:00:58	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4722, Process: ping.exe)
19:00:58	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4723, Process: ping.exe)
19:01:14	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 4774, Process: ping.exe)
19:01:14	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4819, Process: ping.exe)
19:01:22	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4824, Process: ping.exe)
19:01:22	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4834, Process: ping.exe)
19:01:22	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4835, Process: ping.exe)
19:01:30	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 4859, Process: ping.exe)
19:01:31	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4867, Process: ping.exe)
19:01:31	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4868, Process: ping.exe)
19:01:47	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 4888, Process: ping.exe)
19:01:47	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 4889, Process: ping.exe)
19:01:47	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4897, Process: ping.exe)
19:01:47	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4898, Process: ping.exe)
19:01:55	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4902, Process: ping.exe)
19:01:55	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4903, Process: ping.exe)
19:02:03	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4925, Process: ping.exe)
19:02:03	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 4926, Process: ping.exe)
19:02:11	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4940, Process: ping.exe)
19:02:11	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4941, Process: ping.exe)
19:02:43	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4963, Process: ping.exe)
19:02:43	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4964, Process: ping.exe)
19:02:43	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4967, Process: ping.exe)
19:02:43	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 4969, Process: ping.exe)
19:03:15	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 5078, Process: ping.exe)
19:03:16	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 5079, Process: ping.exe)
19:03:16	Kaimei	IP-BLOCK	89.28.61.200 (Type: incoming, Port: 58398, Process: svchost.exe)
19:03:32	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 5117, Process: ping.exe)
19:03:32	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 5118, Process: ping.exe)
19:04:05	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 5139, Process: ping.exe)
19:04:05	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 5140, Process: ping.exe)
19:04:13	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 5143, Process: ping.exe)
19:04:13	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 5144, Process: ping.exe)
19:10:01	Kaimei	IP-BLOCK	208.91.207.91 (Type: outgoing, Port: 5291, Process: ping.exe)
19:10:42	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 5335, Process: ping.exe)
19:10:59	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 5401, Process: ping.exe)
19:11:40	Kaimei	IP-BLOCK	208.91.207.91 (Type: outgoing, Port: 5544, Process: ping.exe)
19:11:56	Kaimei	IP-BLOCK	91.220.0.49 (Type: outgoing, Port: 5659, Process: ping.exe)
19:12:05	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 5702, Process: ping.exe)
19:12:05	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 5704, Process: ping.exe)
19:12:13	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 5755, Process: ping.exe)
19:12:13	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 5756, Process: ping.exe)
19:12:30	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 5847, Process: ping.exe)
19:12:30	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 5848, Process: ping.exe)
19:12:46	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 5892, Process: ping.exe)
19:12:54	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 5950, Process: ping.exe)
19:13:02	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 5960, Process: ping.exe)
19:13:02	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 5961, Process: ping.exe)
19:13:10	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 5968, Process: ping.exe)
19:13:10	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 5969, Process: ping.exe)
19:13:35	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6011, Process: ping.exe)
19:13:35	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6012, Process: ping.exe)
19:13:43	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6015, Process: ping.exe)
19:13:43	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6017, Process: ping.exe)
19:13:43	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6019, Process: ping.exe)
19:13:43	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6020, Process: ping.exe)
19:13:43	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6023, Process: ping.exe)
19:13:43	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6024, Process: ping.exe)
19:13:52	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 6040, Process: ping.exe)
19:13:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6051, Process: ping.exe)
19:13:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6053, Process: ping.exe)
19:14:00	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6099, Process: ping.exe)
19:14:00	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6101, Process: ping.exe)
19:14:08	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6115, Process: ping.exe)
19:14:08	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6116, Process: ping.exe)
19:14:16	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 6149, Process: ping.exe)
19:14:32	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6168, Process: ping.exe)
19:14:33	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6169, Process: ping.exe)
19:14:41	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6277, Process: ping.exe)
19:14:41	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6279, Process: ping.exe)
19:14:49	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 6314, Process: ping.exe)
19:14:49	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 6316, Process: ping.exe)
19:14:49	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6320, Process: ping.exe)
19:14:49	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6322, Process: ping.exe)
19:15:05	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6348, Process: ping.exe)
19:15:05	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 6349, Process: ping.exe)
19:15:21	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6357, Process: ping.exe)
19:15:21	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6358, Process: ping.exe)
19:15:30	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6362, Process: ping.exe)
19:15:30	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6363, Process: ping.exe)
19:16:02	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6520, Process: ping.exe)
19:16:02	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 6521, Process: ping.exe)
19:22:05	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40326, Process: ping.exe)
19:22:05	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40327, Process: ping.exe)
19:22:22	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 40367, Process: ping.exe)
19:22:30	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40380, Process: ping.exe)
19:22:30	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40381, Process: ping.exe)
19:22:38	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40398, Process: ping.exe)
19:22:38	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40399, Process: ping.exe)
19:22:46	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40437, Process: ping.exe)
19:22:46	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40438, Process: ping.exe)
19:22:54	Kaimei	IP-BLOCK	91.220.0.49 (Type: outgoing, Port: 40449, Process: ping.exe)
19:23:11	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 40469, Process: ping.exe)
19:23:19	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40479, Process: ping.exe)
19:23:19	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40480, Process: ping.exe)
19:23:19	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40509, Process: ping.exe)
19:23:19	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40510, Process: ping.exe)
19:23:27	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40525, Process: ping.exe)
19:23:27	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40527, Process: ping.exe)
19:23:27	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40552, Process: ping.exe)
19:23:27	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40553, Process: ping.exe)
19:23:35	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 40573, Process: ping.exe)
19:23:36	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40576, Process: ping.exe)
19:23:36	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40577, Process: ping.exe)
19:23:44	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 40607, Process: ping.exe)
19:23:44	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 40608, Process: ping.exe)
19:23:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40613, Process: ping.exe)
19:23:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40614, Process: ping.exe)
19:23:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40616, Process: ping.exe)
19:23:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40617, Process: ping.exe)
19:24:00	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40623, Process: ping.exe)
19:24:00	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40624, Process: ping.exe)
19:24:08	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40704, Process: ping.exe)
19:24:08	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40705, Process: ping.exe)
19:24:08	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40734, Process: ping.exe)
19:24:08	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40738, Process: ping.exe)
19:24:17	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40770, Process: ping.exe)
19:24:17	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40771, Process: ping.exe)
19:24:25	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40790, Process: ping.exe)
19:24:25	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40791, Process: ping.exe)
19:24:49	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40797, Process: ping.exe)
19:24:49	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40798, Process: ping.exe)
19:24:49	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40812, Process: ping.exe)
19:24:49	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40813, Process: ping.exe)
19:24:57	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 40823, Process: ping.exe)
19:24:58	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 40824, Process: ping.exe)
19:25:06	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 40898, Process: ping.exe)
19:25:06	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 40899, Process: ping.exe)
19:25:14	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40954, Process: ping.exe)
19:25:14	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 40955, Process: ping.exe)
19:25:54	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40963, Process: ping.exe)
19:25:54	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40964, Process: ping.exe)
19:26:03	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40969, Process: ping.exe)
19:26:03	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 40970, Process: ping.exe)
19:31:55	Kaimei	IP-BLOCK	195.3.145.252 (Type: outgoing, Port: 41291, Process: ping.exe)
19:33:09	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 41497, Process: ping.exe)
19:33:57	Kaimei	IP-BLOCK	117.21.224.236 (Type: outgoing, Port: 41634, Process: ping.exe)
19:34:06	Kaimei	IP-BLOCK	117.21.224.235 (Type: outgoing, Port: 41648, Process: ping.exe)
19:34:14	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 41655, Process: ping.exe)
19:34:14	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 41656, Process: ping.exe)
19:34:22	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 41720, Process: ping.exe)
19:34:22	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 41722, Process: ping.exe)
19:34:30	Kaimei	IP-BLOCK	89.28.61.200 (Type: incoming, Port: 58398, Process: svchost.exe)
19:34:30	Kaimei	IP-BLOCK	199.80.55.80 (Type: outgoing, Port: 41769, Process: ping.exe)
19:34:38	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 41775, Process: ping.exe)
19:34:38	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 41776, Process: ping.exe)
19:34:54	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 41797, Process: ping.exe)
19:34:54	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 41798, Process: ping.exe)
19:35:02	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 41802, Process: ping.exe)
19:35:02	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 41803, Process: ping.exe)
19:35:27	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 41941, Process: ping.exe)
19:35:35	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 41994, Process: ping.exe)
19:35:35	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 41995, Process: ping.exe)
19:35:35	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 42000, Process: ping.exe)
19:35:35	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 42001, Process: ping.exe)
19:35:43	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 42048, Process: ping.exe)
19:35:43	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 42050, Process: ping.exe)
19:35:51	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 42078, Process: ping.exe)
19:35:51	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 42079, Process: ping.exe)
19:35:59	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42121, Process: ping.exe)
19:35:59	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42122, Process: ping.exe)
19:36:07	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 42140, Process: ping.exe)
19:36:07	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 42148, Process: ping.exe)
19:36:16	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 42151, Process: ping.exe)
19:36:24	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 42176, Process: ping.exe)
19:36:24	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 42180, Process: ping.exe)
19:36:24	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 42206, Process: ping.exe)
19:36:24	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 42212, Process: ping.exe)
19:36:24	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42213, Process: ping.exe)
19:36:24	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42215, Process: ping.exe)
19:36:24	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 42217, Process: ping.exe)
19:36:24	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 42219, Process: ping.exe)
19:36:24	Kaimei	IP-BLOCK	69.6.27.100 (Type: outgoing, Port: 42226, Process: ping.exe)
19:36:24	Kaimei	IP-BLOCK	69.6.27.100 (Type: outgoing, Port: 42231, Process: ping.exe)
19:36:32	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42247, Process: ping.exe)
19:36:32	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42256, Process: ping.exe)
19:36:56	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42333, Process: ping.exe)
19:36:56	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42334, Process: ping.exe)
19:36:56	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42337, Process: ping.exe)
19:36:56	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42338, Process: ping.exe)
19:37:13	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 42364, Process: ping.exe)
19:37:13	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 42366, Process: ping.exe)
19:37:29	Kaimei	IP-BLOCK	69.6.27.100 (Type: outgoing, Port: 42434, Process: ping.exe)
19:37:29	Kaimei	IP-BLOCK	69.6.27.100 (Type: outgoing, Port: 42435, Process: ping.exe)
19:37:45	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 42453, Process: ping.exe)
19:37:45	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 42454, Process: ping.exe)
19:51:14	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42821, Process: ping.exe)
19:51:14	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42822, Process: ping.exe)
19:51:30	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 42858, Process: ping.exe)
19:51:54	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42962, Process: ping.exe)
19:51:55	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 42963, Process: ping.exe)
19:52:03	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43044, Process: ping.exe)
19:52:11	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43045, Process: ping.exe)
19:52:28	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43124, Process: ping.exe)
19:52:28	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43127, Process: ping.exe)
19:52:28	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 43131, Process: ping.exe)
19:52:28	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 43134, Process: ping.exe)
19:52:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43189, Process: ping.exe)
19:52:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43190, Process: ping.exe)
19:52:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43207, Process: ping.exe)
19:52:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43208, Process: ping.exe)
19:52:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43209, Process: ping.exe)
19:52:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43210, Process: ping.exe)
19:52:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43214, Process: ping.exe)
19:52:52	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43215, Process: ping.exe)
19:53:01	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43245, Process: ping.exe)
19:53:01	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43250, Process: ping.exe)
19:53:09	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43266, Process: ping.exe)
19:53:09	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43268, Process: ping.exe)
19:53:09	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43269, Process: ping.exe)
19:53:09	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43270, Process: ping.exe)
19:53:17	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 43302, Process: ping.exe)
19:53:25	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43328, Process: ping.exe)
19:53:25	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43331, Process: ping.exe)
19:53:33	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43382, Process: ping.exe)
19:53:33	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43383, Process: ping.exe)
19:53:41	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43432, Process: ping.exe)
19:53:41	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43433, Process: ping.exe)
19:53:41	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43434, Process: ping.exe)
19:53:41	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43435, Process: ping.exe)
19:53:57	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43440, Process: ping.exe)
19:53:57	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43441, Process: ping.exe)
19:54:05	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43501, Process: ping.exe)
19:54:05	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43510, Process: ping.exe)
19:54:14	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43558, Process: ping.exe)
19:54:14	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43559, Process: ping.exe)
19:54:22	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43568, Process: ping.exe)
19:54:22	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43569, Process: ping.exe)
19:54:30	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43604, Process: ping.exe)
19:54:30	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43605, Process: ping.exe)
19:54:46	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43621, Process: ping.exe)
19:54:46	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 43622, Process: ping.exe)
19:54:54	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43638, Process: ping.exe)
19:54:54	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43639, Process: ping.exe)
19:55:02	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43662, Process: ping.exe)
19:55:02	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43664, Process: ping.exe)
19:55:10	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43675, Process: ping.exe)
19:55:10	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 43676, Process: ping.exe)
20:10:21	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 44584, Process: ping.exe)
20:10:38	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 44607, Process: ping.exe)
20:10:38	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 44608, Process: ping.exe)
20:11:20	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 44927, Process: ping.exe)
20:11:20	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 44928, Process: ping.exe)
20:11:28	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 45011, Process: ping.exe)
20:11:28	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 45012, Process: ping.exe)
20:11:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45068, Process: ping.exe)
20:11:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45069, Process: ping.exe)
20:11:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45088, Process: ping.exe)
20:11:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45090, Process: ping.exe)
20:12:09	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45122, Process: ping.exe)
20:12:09	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45123, Process: ping.exe)
20:12:50	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45264, Process: ping.exe)
20:12:50	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45266, Process: ping.exe)
20:13:15	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45361, Process: ping.exe)
20:13:15	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45362, Process: ping.exe)
20:13:15	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45371, Process: ping.exe)
20:13:15	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 45372, Process: ping.exe)
20:13:23	Kaimei	IP-BLOCK	208.73.210.125 (Type: outgoing, Port: 45384, Process: ping.exe)
20:13:32	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 45407, Process: ping.exe)
20:13:32	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 45408, Process: ping.exe)
20:13:40	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 45458, Process: ping.exe)
20:13:40	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 45459, Process: ping.exe)
20:22:14	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46063, Process: ping.exe)
20:22:14	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46064, Process: ping.exe)
20:22:38	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46092, Process: ping.exe)
20:22:39	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46093, Process: ping.exe)
20:22:47	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46169, Process: ping.exe)
20:22:47	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46178, Process: ping.exe)
20:23:03	Kaimei	IP-BLOCK	91.220.0.49 (Type: outgoing, Port: 46214, Process: ping.exe)
20:23:19	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46305, Process: ping.exe)
20:23:19	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46308, Process: ping.exe)
20:23:19	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 46315, Process: ping.exe)
20:23:20	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 46316, Process: ping.exe)
20:23:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46343, Process: ping.exe)
20:23:36	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46344, Process: ping.exe)
20:23:36	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 46346, Process: ping.exe)
20:23:36	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 46347, Process: ping.exe)
20:23:44	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46352, Process: ping.exe)
20:23:44	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46353, Process: ping.exe)
20:24:01	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 46421, Process: ping.exe)
20:24:09	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46473, Process: ping.exe)
20:24:09	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46474, Process: ping.exe)
20:24:17	Kaimei	IP-BLOCK	67.29.139.153 (Type: outgoing, Port: 46498, Process: ping.exe)
20:24:17	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 46501, Process: ping.exe)
20:24:17	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 46502, Process: ping.exe)
20:24:50	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 46570, Process: ping.exe)
20:24:50	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 46571, Process: ping.exe)
20:24:50	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46601, Process: ping.exe)
20:24:50	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46602, Process: ping.exe)
20:25:07	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 46660, Process: ping.exe)
20:25:07	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 46661, Process: ping.exe)
20:25:23	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46691, Process: ping.exe)
20:25:23	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 46692, Process: ping.exe)
20:25:31	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 46717, Process: ping.exe)
20:25:31	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 46718, Process: ping.exe)
20:28:29	Kaimei	IP-BLOCK	188.229.90.137 (Type: outgoing, Port: 46906, Process: ping.exe)
20:35:55	Kaimei	IP-BLOCK	89.28.61.200 (Type: incoming, Port: 58398, Process: svchost.exe)
20:36:28	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47356, Process: ping.exe)
20:36:28	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47357, Process: ping.exe)
20:36:44	Kaimei	IP-BLOCK	208.87.32.68 (Type: outgoing, Port: 47395, Process: ping.exe)
20:36:44	Kaimei	IP-BLOCK	208.87.32.68 (Type: outgoing, Port: 47396, Process: ping.exe)
20:36:52	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 47422, Process: ping.exe)
20:36:52	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 47423, Process: ping.exe)
20:37:25	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 47510, Process: ping.exe)
20:37:25	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 47511, Process: ping.exe)
20:37:33	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 47664, Process: ping.exe)
20:37:33	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 47665, Process: ping.exe)
20:37:33	Kaimei	IP-BLOCK	208.87.32.68 (Type: outgoing, Port: 47677, Process: ping.exe)
20:37:33	Kaimei	IP-BLOCK	208.87.32.68 (Type: outgoing, Port: 47678, Process: ping.exe)
20:37:42	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47713, Process: ping.exe)
20:37:42	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47715, Process: ping.exe)
20:37:50	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47747, Process: ping.exe)
20:37:50	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47748, Process: ping.exe)
20:37:58	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 47754, Process: ping.exe)
20:37:58	Kaimei	IP-BLOCK	208.73.210.29 (Type: outgoing, Port: 47755, Process: ping.exe)
20:37:58	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47765, Process: ping.exe)
20:37:58	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47766, Process: ping.exe)
20:38:06	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 47768, Process: ping.exe)
20:38:06	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 47769, Process: ping.exe)
20:38:06	Kaimei	IP-BLOCK	208.87.32.68 (Type: outgoing, Port: 47776, Process: ping.exe)
20:38:06	Kaimei	IP-BLOCK	208.87.32.68 (Type: outgoing, Port: 47777, Process: ping.exe)
20:38:31	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47857, Process: ping.exe)
20:38:31	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47858, Process: ping.exe)
20:38:47	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47976, Process: ping.exe)
20:38:47	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 47977, Process: ping.exe)
20:38:47	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 47984, Process: ping.exe)
20:38:47	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 47985, Process: ping.exe)
20:39:03	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48010, Process: ping.exe)
20:39:03	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48011, Process: ping.exe)
20:39:03	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 48015, Process: ping.exe)
20:39:03	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 48016, Process: ping.exe)
20:39:11	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 48022, Process: ping.exe)
20:39:11	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 48023, Process: ping.exe)
20:39:20	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48079, Process: ping.exe)
20:39:20	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48080, Process: ping.exe)
20:39:20	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 48082, Process: ping.exe)
20:39:20	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 48083, Process: ping.exe)
20:39:28	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48087, Process: ping.exe)
20:39:28	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48088, Process: ping.exe)
20:39:36	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 48127, Process: ping.exe)
20:39:36	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 48128, Process: ping.exe)
20:39:44	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 48199, Process: ping.exe)
20:39:44	Kaimei	IP-BLOCK	208.87.32.69 (Type: outgoing, Port: 48200, Process: ping.exe)
20:42:53	Kaimei	IP-BLOCK	62.45.90.92 (Type: incoming, Port: 58398, Process: svchost.exe)
20:44:14	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48504, Process: ping.exe)
20:44:14	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48505, Process: ping.exe)
20:45:28	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48572, Process: ping.exe)
20:45:28	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48573, Process: ping.exe)
20:45:28	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48576, Process: ping.exe)
20:45:28	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48577, Process: ping.exe)
20:45:53	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48668, Process: ping.exe)
20:45:53	Kaimei	IP-BLOCK	208.87.33.151 (Type: outgoing, Port: 48669, Process: ping.exe)

cosinus · 31.08.2011, 15:38

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Kawai · 31.08.2011, 16:08

Hallo ich habe den Scan jetzt 2 mal durchgeführt und werde jetzt einen Vollscan mit Malwarebytes machen, richtig?

Das Problem hat übrigens noch jemand anderes http://www.trojaner-board.de/102998-...trojaner.html, wenn du das noch nicht gesehen hast. Wenn das nichts mit meinem Problem zu tun hat oder du einfach keine Zeit für ihn hast, sorry für den Hinweis.

Und schon mal eine gute Nachricht. Die Ping.exe wird anscheinend nicht mehr automatisch ausgeführt

Code:

ATTFilter

2011/08/31 16:53:55.0353 2708	TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/31 16:53:55.0566 2708	================================================================================
2011/08/31 16:53:55.0566 2708	SystemInfo:
2011/08/31 16:53:55.0566 2708	
2011/08/31 16:53:55.0566 2708	OS Version: 6.1.7600 ServicePack: 0.0
2011/08/31 16:53:55.0566 2708	Product type: Workstation
2011/08/31 16:53:55.0566 2708	ComputerName: KAIMEI-PC
2011/08/31 16:53:55.0566 2708	UserName: Kaimei
2011/08/31 16:53:55.0566 2708	Windows directory: C:\Windows
2011/08/31 16:53:55.0566 2708	System windows directory: C:\Windows
2011/08/31 16:53:55.0566 2708	Running under WOW64
2011/08/31 16:53:55.0566 2708	Processor architecture: Intel x64
2011/08/31 16:53:55.0566 2708	Number of processors: 2
2011/08/31 16:53:55.0566 2708	Page size: 0x1000
2011/08/31 16:53:55.0566 2708	Boot type: Normal boot
2011/08/31 16:53:55.0566 2708	================================================================================
2011/08/31 16:53:57.0625 2708	Initialize success
2011/08/31 16:54:02.0456 4720	================================================================================
2011/08/31 16:54:02.0456 4720	Scan started
2011/08/31 16:54:02.0456 4720	Mode: Manual; 
2011/08/31 16:54:02.0456 4720	================================================================================
2011/08/31 16:54:04.0768 4720	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/08/31 16:54:04.0833 4720	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/08/31 16:54:04.0862 4720	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/08/31 16:54:04.0921 4720	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/31 16:54:04.0994 4720	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/31 16:54:05.0065 4720	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/31 16:54:05.0126 4720	afcdp           (d9a76e6e541e2e61c78140b65db63e6a) C:\Windows\system32\DRIVERS\afcdp.sys
2011/08/31 16:54:05.0182 4720	AFD             (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/08/31 16:54:05.0246 4720	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/08/31 16:54:05.0364 4720	ALCXWDM         (56c6761519a5de492fca827a6a9b9c26) C:\Windows\system32\drivers\ALCWDM64.SYS
2011/08/31 16:54:05.0494 4720	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/08/31 16:54:05.0532 4720	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/08/31 16:54:05.0556 4720	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/31 16:54:05.0587 4720	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/31 16:54:05.0622 4720	amdsata         (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/08/31 16:54:05.0664 4720	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/31 16:54:05.0703 4720	amdxata         (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/08/31 16:54:05.0779 4720	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/08/31 16:54:05.0863 4720	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/31 16:54:05.0891 4720	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/31 16:54:05.0969 4720	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/31 16:54:05.0996 4720	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/08/31 16:54:06.0049 4720	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/08/31 16:54:06.0094 4720	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
2011/08/31 16:54:06.0157 4720	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/31 16:54:06.0200 4720	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/31 16:54:06.0256 4720	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/31 16:54:06.0302 4720	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/31 16:54:06.0328 4720	bowser          (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/31 16:54:06.0364 4720	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/31 16:54:06.0396 4720	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/31 16:54:06.0427 4720	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/31 16:54:06.0467 4720	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/31 16:54:06.0497 4720	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/31 16:54:06.0566 4720	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/31 16:54:06.0620 4720	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys
2011/08/31 16:54:06.0643 4720	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/31 16:54:06.0679 4720	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
2011/08/31 16:54:06.0745 4720	BTHPORT         (a51fa9d0e85d5adabef72e67f386309c) C:\Windows\system32\Drivers\BTHport.sys
2011/08/31 16:54:06.0797 4720	BTHUSB          (f740b9a16b2c06700f2130e19986bf3b) C:\Windows\system32\Drivers\BTHUSB.sys
2011/08/31 16:54:06.0835 4720	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/31 16:54:06.0955 4720	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/31 16:54:07.0122 4720	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/31 16:54:07.0171 4720	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/31 16:54:07.0349 4720	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/31 16:54:07.0459 4720	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/08/31 16:54:07.0536 4720	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/08/31 16:54:07.0593 4720	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/31 16:54:07.0633 4720	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/08/31 16:54:07.0679 4720	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/31 16:54:07.0738 4720	CSC             (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/08/31 16:54:07.0808 4720	DCamUSBEMPIA    (b1c55a95006d621d04fe4a23f86c0a54) C:\Windows\system32\DRIVERS\emDevice64.sys
2011/08/31 16:54:07.0859 4720	DfsC            (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/08/31 16:54:07.0906 4720	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/31 16:54:07.0930 4720	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/31 16:54:08.0006 4720	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/31 16:54:08.0064 4720	DXGKrnl         (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/31 16:54:08.0166 4720	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/31 16:54:08.0331 4720	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/31 16:54:08.0402 4720	emAudio         (8543bb84cd5872cd1619183f5cbbe3f9) C:\Windows\system32\drivers\emAudio64.sys
2011/08/31 16:54:08.0436 4720	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/08/31 16:54:08.0499 4720	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/31 16:54:08.0531 4720	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/31 16:54:08.0572 4720	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/31 16:54:08.0639 4720	FETNDIS         (ecce54654a19f6cc5e526696680c1827) C:\Windows\system32\DRIVERS\fet6x64.sys
2011/08/31 16:54:08.0666 4720	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/31 16:54:08.0697 4720	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/31 16:54:08.0725 4720	FiltUSBEMPIA    (73fbb50c4d92adc30a9d57a269489a0b) C:\Windows\system32\DRIVERS\emFilter64.sys
2011/08/31 16:54:08.0773 4720	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/31 16:54:08.0812 4720	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/08/31 16:54:08.0863 4720	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/31 16:54:08.0895 4720	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/31 16:54:08.0923 4720	fvevol          (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/31 16:54:08.0957 4720	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/31 16:54:09.0019 4720	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/31 16:54:09.0057 4720	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/31 16:54:09.0083 4720	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/31 16:54:09.0118 4720	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/31 16:54:09.0145 4720	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/31 16:54:09.0207 4720	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/31 16:54:09.0269 4720	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/08/31 16:54:09.0322 4720	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/08/31 16:54:09.0417 4720	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/31 16:54:09.0448 4720	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/31 16:54:09.0484 4720	iaStorV         (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/08/31 16:54:09.0575 4720	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/31 16:54:09.0694 4720	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/08/31 16:54:09.0762 4720	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/31 16:54:09.0857 4720	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/31 16:54:09.0892 4720	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/08/31 16:54:09.0926 4720	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/31 16:54:09.0958 4720	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/31 16:54:09.0990 4720	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/08/31 16:54:10.0028 4720	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/31 16:54:10.0089 4720	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/31 16:54:10.0131 4720	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/31 16:54:10.0181 4720	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/31 16:54:10.0261 4720	KSecPkg         (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/31 16:54:10.0296 4720	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/31 16:54:10.0361 4720	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/31 16:54:10.0484 4720	lmimirr         (413ecdcfad9a82804d3674c8d7eec24e) C:\Windows\system32\DRIVERS\lmimirr.sys
2011/08/31 16:54:10.0563 4720	LMIRfsDriver    (c57d3faa50e6f395759ffb7c709bd944) C:\Windows\system32\drivers\LMIRfsDriver.sys
2011/08/31 16:54:10.0650 4720	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/31 16:54:10.0681 4720	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/31 16:54:10.0717 4720	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/31 16:54:10.0754 4720	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/31 16:54:10.0796 4720	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/31 16:54:10.0846 4720	MarvinBus       (024da28053d57e9e32bee52600576bbb) C:\Windows\system32\DRIVERS\MarvinBus64.sys
2011/08/31 16:54:10.0915 4720	MBAMProtector   (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/08/31 16:54:10.0968 4720	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/31 16:54:10.0998 4720	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/31 16:54:11.0056 4720	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/31 16:54:11.0105 4720	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/31 16:54:11.0140 4720	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/31 16:54:11.0187 4720	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/31 16:54:11.0214 4720	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/08/31 16:54:11.0245 4720	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/08/31 16:54:11.0292 4720	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/31 16:54:11.0332 4720	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/31 16:54:11.0361 4720	mrxsmb          (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/31 16:54:11.0414 4720	mrxsmb10        (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/31 16:54:11.0445 4720	mrxsmb20        (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/31 16:54:11.0523 4720	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/08/31 16:54:11.0549 4720	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/08/31 16:54:11.0599 4720	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/31 16:54:11.0638 4720	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/31 16:54:11.0660 4720	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/08/31 16:54:11.0725 4720	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/31 16:54:11.0754 4720	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/31 16:54:11.0779 4720	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/31 16:54:11.0815 4720	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/08/31 16:54:11.0889 4720	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/31 16:54:11.0925 4720	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/31 16:54:11.0986 4720	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/31 16:54:12.0142 4720	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/31 16:54:12.0262 4720	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/31 16:54:12.0358 4720	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/08/31 16:54:12.0401 4720	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/31 16:54:12.0434 4720	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/31 16:54:12.0465 4720	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/31 16:54:12.0494 4720	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/31 16:54:12.0533 4720	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/08/31 16:54:12.0590 4720	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/31 16:54:12.0624 4720	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/31 16:54:12.0800 4720	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/31 16:54:12.0861 4720	NPF             (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys
2011/08/31 16:54:12.0886 4720	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/31 16:54:12.0941 4720	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/31 16:54:12.0999 4720	Ntfs            (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/08/31 16:54:13.0078 4720	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/31 16:54:13.0341 4720	nvlddmkm        (6f9cbe52517660b68694accee35ec4d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/31 16:54:13.0806 4720	nvraid          (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/08/31 16:54:13.0834 4720	nvstor          (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/08/31 16:54:13.0886 4720	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/08/31 16:54:13.0933 4720	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/31 16:54:14.0007 4720	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/31 16:54:14.0038 4720	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/08/31 16:54:14.0079 4720	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/08/31 16:54:14.0121 4720	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/08/31 16:54:14.0158 4720	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/31 16:54:14.0269 4720	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/31 16:54:14.0433 4720	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/31 16:54:14.0753 4720	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/31 16:54:14.0853 4720	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/31 16:54:14.0907 4720	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/31 16:54:14.0946 4720	PsxDrv          (fda6efb7014e8c4524cb6b5b885e8a95) C:\Windows\system32\drivers\psxdrv.sys
2011/08/31 16:54:14.0996 4720	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/31 16:54:15.0057 4720	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/31 16:54:15.0100 4720	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/31 16:54:15.0129 4720	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/31 16:54:15.0183 4720	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/31 16:54:15.0216 4720	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/31 16:54:15.0256 4720	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/31 16:54:15.0284 4720	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/31 16:54:15.0318 4720	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/31 16:54:15.0358 4720	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/31 16:54:15.0403 4720	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/31 16:54:15.0433 4720	RDPDR           (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/08/31 16:54:15.0464 4720	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/31 16:54:15.0500 4720	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/31 16:54:15.0524 4720	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/08/31 16:54:15.0568 4720	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/08/31 16:54:15.0632 4720	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
2011/08/31 16:54:15.0708 4720	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/31 16:54:15.0747 4720	RTL8023x64      (68dd0457d18fccef7384ae84022f0c86) C:\Windows\system32\DRIVERS\Rtnic64.sys
2011/08/31 16:54:15.0774 4720	s3cap           (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/08/31 16:54:15.0837 4720	SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/31 16:54:15.0871 4720	SASENUM         (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
2011/08/31 16:54:15.0914 4720	SASKUTIL        (67d2688756dd304af655349baad82bff) C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/31 16:54:15.0948 4720	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/08/31 16:54:16.0000 4720	ScanUSBEMPIA    (eecbbf7d76300e5558d316983961ffc1) C:\Windows\system32\DRIVERS\emScan64.sys
2011/08/31 16:54:16.0037 4720	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/31 16:54:16.0097 4720	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/31 16:54:16.0148 4720	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/31 16:54:16.0191 4720	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/31 16:54:16.0227 4720	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/31 16:54:16.0304 4720	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/08/31 16:54:16.0333 4720	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/08/31 16:54:16.0363 4720	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/08/31 16:54:16.0437 4720	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/31 16:54:16.0491 4720	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/31 16:54:16.0526 4720	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/31 16:54:16.0558 4720	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/31 16:54:16.0628 4720	snapman         (0775cb5147953cce129bc3414740d109) C:\Windows\system32\DRIVERS\snapman.sys
2011/08/31 16:54:16.0697 4720	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/31 16:54:16.0768 4720	sptd            (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/08/31 16:54:16.0768 4720	Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/08/31 16:54:16.0776 4720	sptd - detected LockedFile.Multi.Generic (1)
2011/08/31 16:54:16.0823 4720	srv             (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
2011/08/31 16:54:16.0892 4720	srv2            (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/31 16:54:17.0029 4720	srvnet          (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/31 16:54:17.0092 4720	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/31 16:54:17.0127 4720	storflt         (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/08/31 16:54:17.0176 4720	storvsc         (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/08/31 16:54:17.0210 4720	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/31 16:54:17.0322 4720	tap0901         (bcd6a90d6fd757ce9c29ddc850f7f231) C:\Windows\system32\DRIVERS\tap0901.sys
2011/08/31 16:54:17.0393 4720	Tcpip           (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2011/08/31 16:54:17.0493 4720	TCPIP6          (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/31 16:54:17.0531 4720	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/31 16:54:17.0563 4720	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/31 16:54:17.0630 4720	tdrpman258      (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys
2011/08/31 16:54:17.0694 4720	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/31 16:54:17.0733 4720	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/31 16:54:17.0814 4720	teamviewervpn   (f5520dbb47c60ee83024b38720abda24) C:\Windows\system32\DRIVERS\teamviewervpn.sys
2011/08/31 16:54:17.0838 4720	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/31 16:54:17.0919 4720	timounter       (2c1caf5563548a15515eab07d2a069c6) C:\Windows\system32\DRIVERS\timntr.sys
2011/08/31 16:54:18.0025 4720	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/31 16:54:18.0098 4720	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
2011/08/31 16:54:18.0138 4720	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/31 16:54:18.0215 4720	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/31 16:54:18.0260 4720	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/31 16:54:18.0359 4720	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/08/31 16:54:18.0403 4720	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/31 16:54:18.0437 4720	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/31 16:54:18.0512 4720	usbaudio        (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/08/31 16:54:18.0547 4720	usbccgp         (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/31 16:54:18.0583 4720	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/08/31 16:54:18.0624 4720	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/31 16:54:18.0687 4720	usbhub          (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/31 16:54:18.0750 4720	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/31 16:54:18.0792 4720	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/31 16:54:18.0833 4720	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/31 16:54:18.0860 4720	USBSTOR         (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/31 16:54:18.0895 4720	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/31 16:54:18.0954 4720	usbvideo        (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
2011/08/31 16:54:19.0036 4720	VBoxDrv         (1287ce7b6cc8fd5a9c505b2c84a400cb) C:\Windows\system32\DRIVERS\VBoxDrv.sys
2011/08/31 16:54:19.0161 4720	VBoxNetAdp      (55c13725fc3b0cac69b5744ca0d1e122) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
2011/08/31 16:54:19.0269 4720	VBoxNetFlt      (b3da4bc8f82ae0fba2374b6529af813b) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
2011/08/31 16:54:19.0373 4720	VBoxUSB         (540064ae131ca9b01b96a56370b4d2cc) C:\Windows\system32\Drivers\VBoxUSB.sys
2011/08/31 16:54:19.0508 4720	VBoxUSBMon      (cb45d97364ae93308853159b7cdc7d23) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
2011/08/31 16:54:19.0594 4720	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/08/31 16:54:19.0637 4720	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/31 16:54:19.0671 4720	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/31 16:54:19.0711 4720	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/08/31 16:54:19.0741 4720	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/08/31 16:54:19.0791 4720	videX64         (59c608873c54f7ad675665c5e0adeb44) C:\Windows\system32\DRIVERS\videX64.sys
2011/08/31 16:54:19.0830 4720	vmbus           (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/08/31 16:54:19.0863 4720	VMBusHID        (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/08/31 16:54:19.0886 4720	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/08/31 16:54:19.0919 4720	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/08/31 16:54:19.0958 4720	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/08/31 16:54:20.0008 4720	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/31 16:54:20.0054 4720	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/08/31 16:54:20.0102 4720	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/31 16:54:20.0133 4720	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/31 16:54:20.0162 4720	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/31 16:54:20.0233 4720	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/31 16:54:20.0269 4720	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/31 16:54:20.0431 4720	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/31 16:54:20.0464 4720	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/31 16:54:20.0585 4720	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/31 16:54:20.0694 4720	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/31 16:54:20.0843 4720	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/08/31 16:54:20.0882 4720	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/31 16:54:21.0106 4720	xfiltx64        (ed29c4047fb406086d21b6b75ed0cb5b) C:\Windows\system32\DRIVERS\xfiltx64.sys
2011/08/31 16:54:21.0184 4720	MBR (0x1B8)     (de1996b5390bac8242e23168f828c750) \Device\Harddisk0\DR0
2011/08/31 16:54:21.0198 4720	\Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/31 16:54:21.0211 4720	MBR (0x1B8)     (1573cb9e8442254f007c2dd591960418) \Device\Harddisk1\DR1
2011/08/31 16:54:21.0257 4720	Boot (0x1200)   (b1bb5a711d39ca803f112cd7a658329e) \Device\Harddisk0\DR0\Partition0
2011/08/31 16:54:21.0289 4720	Boot (0x1200)   (84e33045610ec9fb7aac43cdb8e58fde) \Device\Harddisk0\DR0\Partition1
2011/08/31 16:54:21.0303 4720	================================================================================
2011/08/31 16:54:21.0303 4720	Scan finished
2011/08/31 16:54:21.0303 4720	================================================================================
2011/08/31 16:54:21.0319 3984	Detected object count: 2
2011/08/31 16:54:21.0319 3984	Actual detected object count: 2
2011/08/31 16:55:23.0475 3984	LockedFile.Multi.Generic(sptd) - User select action: Skip 
2011/08/31 16:55:23.0520 3984	\Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/31 16:55:23.0521 3984	\Device\Harddisk0\DR0 - ok
2011/08/31 16:55:23.0522 3984	Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 
2011/08/31 16:55:28.0794 4992	Deinitialize success

Kawai · 31.08.2011, 16:12

Log2 im Anhang

PING.EXE erheblicher Ressourcenverbrauch

Log-Analyse und Auswertung: PING.EXE erheblicher Ressourcenverbrauch