Pests of All Kinds and How to Fight Them: Boot.Mebroot

05.09.2011, 19:46   #1
MacManus

Good evening, community,

for the past 3 days I have kept getting a message from Norton Internet Security 2011
that a virus named "Boot.Mebroot" has been found. Norton cannot remove it, though. How do I get rid of it?


Having read that every user should create their own thread so that they can be helped individually, I am hereby doing so.

Regards
MacManus

06.09.2011, 05:09   #2
kira
/// Helper Team

Hello and a warm welcome!

Before we start working together, [please read completely]:
Quote:
  • "Remote treatment/remote help" and the associated liability risks:
    - since the troubleshooting and the actions are carried out over large distances, we accept no liability for any resulting consequences.
    - in other words, any liability for resulting damage is excluded. INSTRUCTIONS AND FOLLOWING THEM ARE AT YOUR OWN RESPONSIBILITY!
  • Identifying details/profile information:
    - you can delete these from the log lists or log files you use (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection), but the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the period of assistance:
    - please do not act on your own without consulting me! Ask if there are problems.
  • The order:
    - please keep exactly to the order described; do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise, our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to bear in mind before opening a thread?
  • Insert all log files using a vBCode tag; this gives a good overview here and makes my work easier! If a log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin.
Quote:
Once a system has been compromised, it is no longer trustworthy.
A reinstallation guarantees removal of the infection without leaving residue - reading material: "Help: I was the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you nevertheless decide to clean the system: cleaning a system can take a few days (depending on the type of infection), but the system may even be so heavily compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: please run all commands as administrator! Right-click the Command Prompt and select "Run as administrator".
Right-click (right mouse button) the selected application and choose "Run as administrator"!

1.
runs under XP, Vista (32-bit) and Windows 7 (32-bit)
Caution!:
IF GMER CANNOT BE RUN OR CAUSES PROBLEMS, continue with the next item! It does NOT make sense to start a second attempt!
To get a deeper look into your system and track down a possible infection with a rootkit (info from wikipedia.org), we will use a tool, Gmer:
  • - so download Gmer and unpack it to your desktop
    - start gmer.exe
    - close all programs; in addition, antivirus and other protection programs etc. must be deactivated, with no connection to the Internet (disconnect Wi-Fi as well)
    - please do not do anything on the PC while the scan is running!
    - click "Scan" to start the tool
    - when the scan has finished, click "Copy" (the log is automatically copied to the clipboard) and paste it in right away with CTRL + V
    - "Ok" closes GMER.
    - copy the log from the clipboard in full into your thread here

** no connection to a network or the Internet - do not forget Wi-Fi
When the scan has finished, please re-enable all programs and tools!
Guide: -> GMER - Rootkit Scanner

2.
Check with MBR -t whether the Master Boot Record is in order (MBR rootkit)

With the following tool we check whether something malicious has lodged itself in the Master Boot Record.
  • Download MBR.exe from Gmer and
    copy the file mbr.exe into the folder C:\Windows\system32.
    If you cannot see the folder, make these settings in the folder options.
  • Start => Run => cmd (type it in there) => OK
    A command prompt opens.

    Vista and Windows 7 users: Start => All Programs => Accessories => right-click Command Prompt and choose Run as administrator.
  • After the prompt (>_), type in the following from the code box manually, or alternatively copy it to the clipboard with CTRL + C and paste it.
    Pasting into the command prompt: right-click in the title bar => Edit => Paste.

    Code:
    mbr.exe -t > C:\mbr.log & C:\mbr.log

    (press Enter)
  • After a short time your editor will open and show the file C:\mbr.log.
    Please copy the contents into your thread here.

3.
Download Malwarebytes Anti-Malware from → malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Choose "Komplett Scan durchführen" ("Perform full scan") (tick everything)
  • when the scan has finished, click "Zeige Resultate" ("Show results")
  • Select all finds (if MBAM reports anything in C:\System Volume Information, please remove the tick there) and click "Löschen" ("Delete") - "Ausgewähltes entfernen" ("Remove selected").
  • Post the result here in the thread - you will find the report under "Scan-Berichte" ("Scan reports")
An illustrated guide can be found here: Guide/virus-protect.org

4.
System scan with OTL

Download OTL by Oldtimer (if you do not have it yet) and save it to your desktop.
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please choose Standard Output
  • Under Extra Registry, please choose Use SafeList.
  • Tick LOP Check and Purity Check.
  • Now click Scan at the top left.


  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

5.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
install it (read the software licence agreement; if "Add CCleaner Yahoo! Toolbar" is offered, deselect it) → start it → if necessary, set "german" under Options settings
then click "Extra" (to display the installed programs as well) → then "Als Textdatei speichern..." ("Save to text file...")
a text file (*.txt) is created; copy its contents and paste them in here

Quote:
To keep your thread clear and easy to read, it is best to use the code tags for your post:
→ before your log, write (i.e. at the beginning of the log file): [code]
your log file goes here - e.g. hjtscanlist or similar
→ after it, i.e. at the end of the log file: [/code]
** If possible, do not go on the Internet: no online banking, file sharing, chat programs etc.
Regards
kira

06.09.2011, 20:02   #3
MacManus

Code:
Re 1:

GMER hasn't found any system modification

Re 2:

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7601 

device: opened successfully
user: error reading MBR 

Disk trace:
error: Read  Das Handle ist ungültig.
kernel: error reading MBR

Re 3:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7664

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

06.09.2011 18:38:16
mbam-log-2011-09-06 (18-38-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 347545
Laufzeit: 26 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

06.09.2011, 20:06   #4
MacManus

Code:
Re 4:
OTL logfile created on: 06.09.2011 20:44:23 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = E:\downloads\Progs
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,31 Gb Available Physical Memory | 79,08% Memory free
15,97 Gb Paging File | 13,55 Gb Available in Paging File | 84,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 61,57 Gb Free Space | 63,12% Space Free | Partition Type: NTFS
Drive D: | 415,04 Gb Total Space | 285,79 Gb Free Space | 68,86% Space Free | Partition Type: NTFS
Drive E: | 418,82 Gb Total Space | 403,46 Gb Free Space | 96,33% Space Free | Partition Type: NTFS
Drive F: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 127,00 Gb Total Space | 126,91 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive H: | 127,00 Gb Total Space | 103,49 Gb Free Space | 81,49% Space Free | Partition Type: NTFS
Drive I: | 44,08 Gb Total Space | 42,17 Gb Free Space | 95,67% Space Free | Partition Type: NTFS
 
Computer Name: MATZE-PC | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.06 20:43:00 | 000,581,120 | ---- | M] (OldTimer Tools) -- E:\downloads\Progs\OTL.exe
PRC - [2011.09.06 17:24:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.04.22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
PRC - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
PRC - [2009.07.01 18:38:40 | 001,481,056 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\Winamp\winamp.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.06 18:48:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011.09.06 18:48:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011.09.06 18:48:47 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4655321f01d2564f3c7acda08636ecc6\IAStorCommon.ni.dll
MOD - [2011.09.06 18:48:45 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3dd77b6d66cda1f160a7adbe7c0e01af\IAStorUtil.ni.dll
MOD - [2011.09.06 18:48:43 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011.09.06 18:46:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011.09.06 18:45:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011.09.06 18:45:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011.09.06 18:45:52 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011.09.06 18:45:49 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011.09.06 18:13:05 | 000,155,136 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\vis_milk2.lng
MOD - [2011.09.06 18:13:05 | 000,151,040 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\winamp.lng
MOD - [2011.09.06 18:13:05 | 000,088,576 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\vis_avs.lng
MOD - [2011.09.06 18:13:05 | 000,010,240 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\pmp_usb.lng
MOD - [2011.09.06 18:13:05 | 000,007,680 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\vis_nsfs.lng
MOD - [2011.09.06 18:13:05 | 000,006,144 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\tagz.lng
MOD - [2011.09.06 18:13:05 | 000,006,144 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\pmp_ipod.lng
MOD - [2011.09.06 18:13:05 | 000,004,608 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\pmp_activesync.lng
MOD - [2011.09.06 18:13:05 | 000,004,096 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\pmp_p4s.lng
MOD - [2011.09.06 18:13:05 | 000,003,584 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\winampa.lng
MOD - [2011.09.06 18:13:05 | 000,003,584 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\pmp_njb.lng
MOD - [2011.09.06 18:13:04 | 000,069,120 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\burnlib.lng
MOD - [2011.09.06 18:13:04 | 000,052,736 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_local.lng
MOD - [2011.09.06 18:13:04 | 000,046,080 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_disc.lng
MOD - [2011.09.06 18:13:04 | 000,039,936 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_pmp.lng
MOD - [2011.09.06 18:13:04 | 000,022,528 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_mp3.lng
MOD - [2011.09.06 18:13:04 | 000,022,528 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\gen_ff.lng
MOD - [2011.09.06 18:13:04 | 000,021,504 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\gen_ml.lng
MOD - [2011.09.06 18:13:04 | 000,019,968 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_midi.lng
MOD - [2011.09.06 18:13:04 | 000,017,920 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_mod.lng
MOD - [2011.09.06 18:13:04 | 000,016,384 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\out_ds.lng
MOD - [2011.09.06 18:13:04 | 000,015,360 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_wm.lng
MOD - [2011.09.06 18:13:04 | 000,014,336 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_cdda.lng
MOD - [2011.09.06 18:13:04 | 000,013,824 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_wire.lng
MOD - [2011.09.06 18:13:04 | 000,013,824 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\dsp_sps.lng
MOD - [2011.09.06 18:13:04 | 000,012,800 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_playlists.lng
MOD - [2011.09.06 18:13:04 | 000,012,288 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_online.lng
MOD - [2011.09.06 18:13:04 | 000,011,264 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_vorbis.lng
MOD - [2011.09.06 18:13:04 | 000,011,264 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_nsv.lng
MOD - [2011.09.06 18:13:04 | 000,011,264 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\gen_hotkeys.lng
MOD - [2011.09.06 18:13:04 | 000,010,752 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\gen_jumpex.lng
MOD - [2011.09.06 18:13:04 | 000,009,728 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\enc_aacplus.lng
MOD - [2011.09.06 18:13:04 | 000,008,192 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\gen_tray.lng
MOD - [2011.09.06 18:13:04 | 000,007,680 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\out_wave.lng
MOD - [2011.09.06 18:13:04 | 000,007,680 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_transcode.lng
MOD - [2011.09.06 18:13:04 | 000,007,680 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_plg.lng
MOD - [2011.09.06 18:13:04 | 000,007,680 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_history.lng
MOD - [2011.09.06 18:13:04 | 000,007,168 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\gen_crasher.lng
MOD - [2011.09.06 18:13:04 | 000,006,656 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_autotag.lng
MOD - [2011.09.06 18:13:04 | 000,006,144 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\out_disk.lng
MOD - [2011.09.06 18:13:04 | 000,006,144 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_rg.lng
MOD - [2011.09.06 18:13:04 | 000,006,144 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_dshow.lng
MOD - [2011.09.06 18:13:04 | 000,006,144 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\enc_wma.lng
MOD - [2011.09.06 18:13:04 | 000,005,632 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_wav.lng
MOD - [2011.09.06 18:13:04 | 000,005,632 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_flac.lng
MOD - [2011.09.06 18:13:04 | 000,005,120 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_bookmarks.lng
MOD - [2011.09.06 18:13:04 | 000,005,120 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\enc_lame.lng
MOD - [2011.09.06 18:13:04 | 000,004,608 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_impex.lng
MOD - [2011.09.06 18:13:04 | 000,004,608 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_wv.lng
MOD - [2011.09.06 18:13:04 | 000,004,608 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_mp4.lng
MOD - [2011.09.06 18:13:04 | 000,004,096 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_orb.lng
MOD - [2011.09.06 18:13:04 | 000,004,096 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\ml_nowplaying.lng
MOD - [2011.09.06 18:13:04 | 000,004,096 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_wave.lng
MOD - [2011.09.06 18:13:04 | 000,004,096 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\enc_wav.lng
MOD - [2011.09.06 18:13:04 | 000,004,096 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\enc_vorbis.lng
MOD - [2011.09.06 18:13:04 | 000,004,096 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\enc_flake.lng
MOD - [2011.09.06 18:13:04 | 000,004,096 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\enc_flac.lng
MOD - [2011.09.06 18:13:04 | 000,003,584 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_swf.lng
MOD - [2011.09.06 18:13:04 | 000,003,584 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_linein.lng
MOD - [2011.09.06 18:13:04 | 000,003,584 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\in_flv.lng
MOD - [2011.09.06 18:13:04 | 000,002,560 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\playlist.lng
MOD - [2011.09.06 17:24:45 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.09.03 17:20:14 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.01 18:36:42 | 001,506,304 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ff.dll
MOD - [2009.07.01 18:35:10 | 000,025,600 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_hotkeys.dll
MOD - [2009.07.01 18:35:04 | 000,294,912 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_ml.dll
MOD - [2009.07.01 18:34:36 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_tray.dll
MOD - [2009.07.01 18:34:34 | 000,107,520 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_cdda.dll
MOD - [2009.07.01 18:34:10 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_linein.dll
MOD - [2009.07.01 18:34:08 | 000,098,304 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_midi.dll
MOD - [2009.07.01 18:34:00 | 000,160,768 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mod.dll
MOD - [2009.07.01 18:33:44 | 000,267,776 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp3.dll
MOD - [2009.07.01 18:33:36 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_mp4.dll
MOD - [2009.07.01 18:33:24 | 000,069,120 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_nsv.dll
MOD - [2009.07.01 18:33:18 | 000,231,424 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_vorbis.dll
MOD - [2009.07.01 18:32:56 | 000,047,104 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_ds.dll
MOD - [2009.07.01 18:32:52 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_wave.dll
MOD - [2009.07.01 18:32:40 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_dshow.dll
MOD - [2009.07.01 18:32:34 | 000,616,960 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jnetlib.w5s
MOD - [2009.07.01 18:32:18 | 000,365,056 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\aacPlusDecoder.w5s
MOD - [2009.07.01 18:32:12 | 000,297,472 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wm.dll
MOD - [2009.07.01 18:31:38 | 000,019,456 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\out_disk.dll
MOD - [2009.07.01 18:31:34 | 000,330,752 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac
MOD - [2009.07.01 18:31:30 | 000,014,848 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_wave.dll
MOD - [2009.07.01 18:31:26 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\tagz.w5s
MOD - [2009.07.01 18:31:20 | 000,201,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_pmp.dll
MOD - [2009.07.01 18:30:58 | 000,104,960 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_ipod.dll
MOD - [2009.07.01 18:30:48 | 000,017,920 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_njb.dll
MOD - [2009.07.01 18:30:44 | 000,114,176 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_p4s.dll
MOD - [2009.07.01 18:30:36 | 000,256,000 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_online.dll
MOD - [2009.07.01 18:29:44 | 000,087,552 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\xml.w5s
MOD - [2009.07.01 18:29:40 | 000,078,336 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\png.w5s
MOD - [2009.07.01 18:29:36 | 000,020,480 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_bookmarks.dll
MOD - [2009.07.01 18:29:32 | 000,194,048 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_disc.dll
MOD - [2009.07.01 18:29:16 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_history.dll
MOD - [2009.07.01 18:28:58 | 000,275,968 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_local.dll
MOD - [2009.07.01 18:28:00 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_playlists.dll
MOD - [2009.07.01 18:27:54 | 000,075,776 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\playlist.w5s
MOD - [2009.07.01 18:27:20 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_orgler.dll
MOD - [2009.07.01 18:27:06 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\auth.w5s
MOD - [2009.07.01 18:27:00 | 000,011,264 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\filereader.w5s
MOD - [2009.07.01 18:26:56 | 000,042,496 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\pmp_usb.dll
MOD - [2009.07.01 18:26:46 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_rg.dll
MOD - [2009.07.01 18:26:44 | 000,104,448 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\jpeg.w5s
MOD - [2009.07.01 18:26:38 | 000,045,568 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_impex.dll
MOD - [2009.07.01 18:26:28 | 000,028,160 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_transcode.dll
MOD - [2009.07.01 18:25:38 | 000,038,400 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flac.dll
MOD - [2009.07.01 18:25:16 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\bmp.w5s
MOD - [2009.07.01 18:25:14 | 000,015,872 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gif.w5s
MOD - [2009.07.01 18:25:06 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\timer.w5s
MOD - [2009.07.01 18:24:50 | 000,013,824 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\gracenote.w5s
MOD - [2009.07.01 18:24:46 | 000,057,856 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_plg.dll
MOD - [2009.07.01 18:24:34 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\ml_autotag.dll
MOD - [2009.07.01 18:24:28 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\dlmgr.w5s
MOD - [2009.07.01 18:24:02 | 000,034,816 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_flv.dll
MOD - [2009.07.01 18:23:44 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\in_swf.dll
MOD - [2009.07.01 18:23:28 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\Winamp\System\primo.w5s
MOD - [2009.07.01 18:23:26 | 000,869,376 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_dropbox.dll
MOD - [2009.07.01 18:21:30 | 000,046,592 | ---- | M] () -- C:\Program Files (x86)\Winamp\zlib.dll
MOD - [2009.07.01 18:21:02 | 000,064,000 | ---- | M] () -- C:\Program Files (x86)\Winamp\tataki.dll
MOD - [2009.07.01 18:20:28 | 000,087,040 | ---- | M] () -- C:\Program Files (x86)\Winamp\nde.dll
MOD - [2009.07.01 18:20:18 | 000,238,080 | ---- | M] () -- C:\Program Files (x86)\Winamp\libsndfile.dll
MOD - [2009.04.28 22:20:12 | 000,210,432 | ---- | M] () -- C:\Program Files (x86)\Winamp\Plugins\gen_jumpex.dll
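
An added example, not part of the thread or of OTL itself: a small Python triage pass over the PRC/MOD/SRV/DRV line format of the OTL log above, grouping review hits by folder so that dozens of sibling files collapse into one finding. The two heuristics (image in a temp directory; service or driver without a company name) and all function names are assumptions made for this illustration; the sample lines are copied from the posted log.

```python
import re
from collections import Counter
from dataclasses import dataclass
from ntpath import dirname  # Windows path handling that works on any OS

# One OTL entry: KIND[:64bit:] - [mtime | size | attrs | M] (company) [state] -- path [-- (name)]
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<x64>:64bit:)? - "
    r"\[(?P<mtime>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>\S{4}) \| M\] "
    r"\((?P<company>.*?)\) "
    r"(?:\[(?P<state>[^\]]*)\] )?"                 # only on SRV/DRV lines
    r"-- (?P<path>.+?)"
    r"(?: -- \((?P<name>.+?)\)(?: .*)?)?$"         # service name, optional description
)
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)  # a \Temp\ or \Tmp\ path component


@dataclass
class Entry:
    kind: str
    x64: bool
    company: str
    state: tuple
    path: str
    name: str


def parse_otl(text):
    """Return the entries found in an OTL log; headers and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        state = tuple(s.strip() for s in (m["state"] or "").split("|") if s.strip())
        entries.append(Entry(m["kind"], bool(m["x64"]), m["company"].strip(),
                             state, m["path"], m["name"]))
    return entries


def triage(entries):
    """Group review hits as (reason, folder, count), sorted for stable output."""
    hits = Counter()
    for e in entries:
        folder = dirname(e.path)
        if TEMP_RE.search(e.path):
            hits[("loaded from a temp directory", folder)] += 1
        # Assumption: an empty company field on a service or driver merits a look.
        if e.kind in ("SRV", "DRV") and not e.company:
            hits[("service or driver without a company name", folder)] += 1
    return sorted((reason, folder, n) for (reason, folder), n in hits.items())


# Sample input: lines copied from the OTL log posted in this thread.
SAMPLE = r"""
========== Processes (SafeList) ==========
PRC - [2011.09.06 20:43:00 | 000,581,120 | ---- | M] (OldTimer Tools) -- E:\downloads\Progs\OTL.exe
PRC - [2011.09.06 17:24:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
========== Modules (No Company Name) ==========
MOD - [2011.09.06 18:13:05 | 000,155,136 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\vis_milk2.lng
MOD - [2011.09.06 18:13:05 | 000,151,040 | ---- | M] () -- C:\Users\Matze\AppData\Local\Temp\WLZ3CD1.tmp\winamp.lng
MOD - [2011.09.06 17:24:45 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010.09.29 03:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2011.09.04 17:18:11 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
"""

if __name__ == "__main__":
    for reason, folder, count in triage(parse_otl(SAMPLE)):
        print(f"{count:3d} x {reason}: {folder}")
```

Each hit is a prompt for manual review rather than a verdict; an empty company field only means OTL showed no vendor string for that file.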
         

06.09.2011, 20:09   #5
MacManus

Code:
continuation of 4.

========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.29 03:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.04 17:18:11 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.09.03 19:03:33 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.07.08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011.01.26 08:06:02 | 000,039,808 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.01.26 08:06:00 | 000,064,256 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.12.24 09:32:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.29 04:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 03:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.09.21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.04.11 16:14:45 | 000,111,552 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2007.08.07 21:48:37 | 000,032,712 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2011.09.06 17:24:06 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.09.04 17:18:04 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110906.002\EX64.SYS -- (NAVEX15)
DRV - [2011.09.04 17:18:04 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.09.04 17:18:04 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.09.04 17:18:04 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110906.002\ENG64.SYS -- (NAVENG)
DRV - [2011.09.02 07:52:58 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110903.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011.08.12 23:21:56 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.07.28 16:06:20 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.04.11 16:14:45 | 000,111,552 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 E9 4F C0 34 49 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "klamm.de"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6c: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.31 18:43:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.09.05 07:04:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_0_8 [2011.09.06 17:24:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.06 17:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.04 21:17:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.04 21:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.31 18:43:34 | 000,000,000 | ---D | M]
 
[2011.07.23 15:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2011.09.04 22:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\7bwcp5u1.default\extensions
[2011.09.03 17:06:27 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\7bwcp5u1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011.08.31 18:43:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\7bwcp5u1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.09.04 22:45:28 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\7bwcp5u1.default\extensions\ffxtlbr@Facemoods.com
[2011.09.04 22:44:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.03 17:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.09.03 17:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.09.03 17:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.09.04 22:44:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
[2011.09.05 07:04:52 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BWCP5U1.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BWCP5U1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BWCP5U1.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011.09.06 17:24:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.04 22:44:00 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.24 05:39:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.24 05:39:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.06.24 05:39:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.04 22:45:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.06.24 05:39:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.24 05:39:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.24 05:39:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll (facemoods.com)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E4FF81C-C6E6-4793-AC0D-7A2507A3B21F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.12 11:19:49 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011.04.12 11:19:49 | 000,106,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5dc64193-d64b-11e0-951d-1c6f65d92934}\Shell - "" = AutoRun
O33 - MountPoints2\{5dc64193-d64b-11e0-951d-1c6f65d92934}\Shell\AutoRun\command - "" = J:\Support\AutoRun\AutoRun.exe
O33 - MountPoints2\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
         


06.09.2011, 20:10   #6
MacManus



Code:
Continuation of 4, part 2:

[2011.09.06 18:11:30 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Malwarebytes
[2011.09.06 18:11:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.09.06 18:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.06 18:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.06 18:11:18 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.06 18:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.06 17:46:34 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.09.06 17:46:33 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.09.04 22:45:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\facemoods.com
[2011.09.04 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.09.04 22:44:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.09.04 22:44:03 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2011.09.04 22:44:03 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2011.09.04 22:44:03 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2011.09.04 21:17:57 | 000,025,640 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2011.09.04 21:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2011.09.04 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2011.09.04 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Apple Computer
[2011.09.04 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Apple Computer
[2011.09.04 21:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.09.04 21:12:35 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011.09.04 21:12:35 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011.09.04 21:12:35 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011.09.04 21:12:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.09.04 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.09.04 21:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.09.04 21:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.09.04 21:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.09.04 21:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.09.04 21:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.09.04 21:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.09.04 21:11:59 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Apple
[2011.09.04 21:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.09.04 21:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.09.04 21:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.09.04 21:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.09.04 21:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.09.04 21:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.09.04 17:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011.09.04 17:18:10 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys
[2011.09.04 17:18:10 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys
[2011.09.04 17:18:10 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys
[2011.09.04 17:18:10 | 000,386,168 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys
[2011.09.04 17:18:10 | 000,171,128 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys
[2011.09.04 17:18:10 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys
[2011.09.04 17:18:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D
[2011.09.04 17:14:27 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.09.04 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.09.04 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.09.04 17:14:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2011.09.04 17:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011.09.04 17:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2011.09.04 17:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.09.04 17:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.09.04 17:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.09.04 17:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.09.04 17:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.09.04 17:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011.09.04 17:11:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.09.04 15:36:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.09.04 15:26:58 | 000,627,600 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2011.09.04 15:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.09.04 15:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.09.04 15:19:51 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2011.09.04 15:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.09.04 10:45:44 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\vlc
[2011.09.04 02:06:21 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\SleepTimerUltimate
[2011.09.04 01:15:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.09.04 01:15:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\Documents\Bioshock2
[2011.09.04 01:15:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Bioshock2
[2011.09.03 21:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.09.03 21:17:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011.09.03 21:17:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011.09.03 21:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.09.03 21:17:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.09.03 21:17:22 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011.09.03 21:17:22 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011.09.03 21:17:22 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011.09.03 21:17:22 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011.09.03 21:17:22 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011.09.03 21:17:22 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011.09.03 21:17:22 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011.09.03 21:17:22 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011.09.03 21:17:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011.09.03 21:17:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011.09.03 21:17:22 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011.09.03 21:17:22 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011.09.03 21:17:22 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011.09.03 21:17:22 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011.09.03 21:17:22 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011.09.03 21:17:22 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011.09.03 21:17:22 | 000,021,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_2.dll
[2011.09.03 21:17:22 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2011.09.03 21:17:21 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011.09.03 21:17:21 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011.09.03 21:17:21 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011.09.03 21:17:21 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011.09.03 21:17:21 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011.09.03 21:17:21 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011.09.03 21:17:21 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011.09.03 21:17:21 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011.09.03 21:17:21 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011.09.03 21:17:21 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011.09.03 21:17:21 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011.09.03 21:17:21 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011.09.03 21:17:21 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011.09.03 21:17:21 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011.09.03 21:17:21 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011.09.03 21:17:21 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011.09.03 21:17:20 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011.09.03 21:17:20 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011.09.03 21:17:20 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011.09.03 21:17:20 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011.09.03 21:17:20 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011.09.03 21:17:20 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011.09.03 21:17:20 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011.09.03 21:17:20 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011.09.03 21:17:20 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011.09.03 21:17:20 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011.09.03 21:17:19 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011.09.03 21:17:19 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011.09.03 21:17:18 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011.09.03 21:17:18 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011.09.03 21:17:18 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011.09.03 21:17:18 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011.09.03 21:17:18 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011.09.03 21:17:18 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011.09.03 21:17:18 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011.09.03 21:17:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011.09.03 21:17:18 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011.09.03 21:17:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011.09.03 21:17:17 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011.09.03 21:17:17 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011.09.03 21:17:17 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011.09.03 21:17:17 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011.09.03 21:17:17 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011.09.03 21:17:17 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011.09.03 19:35:38 | 000,000,000 | -H-D | C] -- C:\Users\Matze\Documents\Runes of Magic
[2011.09.03 19:03:52 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\HP
[2011.09.03 19:03:33 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.09.03 19:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.09.03 19:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.09.03 19:02:58 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools Lite
[2011.09.03 19:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.09.03 19:00:52 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Babylon
[2011.09.03 19:00:51 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Babylon
[2011.09.03 19:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.09.03 18:51:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\WinRAR
[2011.09.03 18:51:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.09.03 18:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.09.03 18:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.09.03 18:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011.09.03 18:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyDVD
[2011.09.03 18:41:16 | 000,000,000 | ---D | C] -- C:\Users\Matze\Documents\AnyDVDHD
[2011.09.03 18:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2011.09.03 18:39:01 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Winamp
[2011.09.03 18:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011.09.03 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.09.03 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.09.03 18:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ-Banner-Remover
[2011.09.03 18:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.09.03 18:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
[2011.09.03 17:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.09.03 17:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ-Banner-Remover
[2011.09.03 17:42:48 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon
[2011.09.03 17:36:38 | 000,000,000 | ---D | C] -- C:\Users\Matze\Documents\ICQ
[2011.09.03 17:35:06 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\ICQ
[2011.09.03 17:35:05 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\AOL
[2011.09.03 17:20:14 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.09.03 16:58:30 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011.09.03 16:58:30 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011.09.03 16:58:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011.09.03 16:58:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011.09.03 16:58:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011.09.03 16:58:30 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011.09.03 16:58:30 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011.09.03 16:58:30 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011.09.03 16:58:30 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011.09.03 16:58:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011.09.03 16:58:28 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.09.03 16:58:28 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.09.03 16:58:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.09.03 16:58:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.09.03 16:58:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.09.03 16:58:28 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.09.03 16:58:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.09.03 16:58:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.09.03 16:58:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.09.03 16:58:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.09.03 16:58:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.09.03 16:58:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.09.03 16:58:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.09.03 16:58:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.09.03 16:58:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.09.03 16:58:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.09.03 16:58:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.09.03 16:58:25 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.09.03 16:58:25 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.09.03 16:58:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.09.03 16:58:25 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.09.03 16:58:25 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.09.03 16:58:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.09.03 16:58:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.09.03 16:58:24 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.09.03 16:58:24 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.09.03 16:58:24 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.09.01 16:55:36 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Thunderbird
[2011.09.01 16:55:36 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.06 20:40:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.06 17:55:21 | 000,089,088 | ---- | M] () -- C:\Windows\SysNative\mbr.exe
[2011.09.06 17:46:34 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.09.06 17:46:33 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.09.06 17:31:10 | 000,020,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 17:31:10 | 000,020,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.06 17:29:16 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.06 17:29:16 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.06 17:29:16 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.06 17:29:16 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.06 17:29:16 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.06 17:24:06 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2011.09.06 17:23:51 | 2134,298,623 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.05 07:33:57 | 001,376,418 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011.09.04 22:44:00 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2011.09.04 22:44:00 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2011.09.04 22:44:00 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2011.09.04 22:44:00 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2011.09.04 21:36:57 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.09.04 20:37:54 | 000,000,631 | ---- | M] () -- C:\Users\Matze\Desktop\MP3's.lnk
[2011.09.04 17:18:11 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.09.04 17:18:11 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.09.04 17:18:11 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.09.04 17:10:02 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2011.09.04 16:06:18 | 000,001,590 | ---- | M] () -- C:\Users\Matze\Desktop\Bioshock2Launcher.lnk
[2011.09.04 15:26:55 | 000,627,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2011.09.03 19:03:33 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.09.03 18:43:20 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.09.03 18:28:11 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.03 18:00:57 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.09.03 17:20:14 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.09.01 16:58:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.06 17:57:43 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\mbr.exe
[2011.09.04 22:55:26 | 001,729,024 | ---- | C] () -- C:\Users\Matze\Desktop\SleepTimerUltimate.exe
[2011.09.04 22:45:20 | 000,001,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.09.04 22:45:20 | 000,001,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.09.04 22:45:20 | 000,001,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.09.04 21:17:24 | 001,376,418 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011.09.04 21:11:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.09.04 20:37:54 | 000,000,631 | ---- | C] () -- C:\Users\Matze\Desktop\MP3's.lnk
[2011.09.04 17:18:10 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.cat
[2011.09.04 17:18:10 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.cat
[2011.09.04 17:18:10 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.cat
[2011.09.04 17:18:10 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet64.cat
[2011.09.04 17:18:10 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.cat
[2011.09.04 17:18:10 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa.inf
[2011.09.04 17:18:10 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds.inf
[2011.09.04 17:18:10 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet.inf
[2011.09.04 17:18:10 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.inf
[2011.09.04 17:18:10 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.inf
[2011.09.04 17:18:10 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.inf
[2011.09.04 17:18:08 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011.09.04 17:18:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.cat
[2011.09.04 17:14:27 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.09.04 17:14:27 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.09.04 17:13:33 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.09.04 16:06:18 | 000,001,590 | ---- | C] () -- C:\Users\Matze\Desktop\Bioshock2Launcher.lnk
[2011.09.03 19:35:22 | 000,000,764 | ---- | C] () -- C:\Users\Matze\Desktop\Runes of Magic.lnk
[2011.09.03 18:43:20 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.09.03 18:40:34 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.09.03 18:28:11 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.03 18:00:57 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.09.03 17:52:17 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.09.01 16:58:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.07.28 16:27:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.28 16:26:06 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.23 15:25:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.23 15:04:42 | 000,245,255 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.07.23 15:04:42 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.07.23 15:01:11 | 000,245,419 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2011.07.23 15:01:11 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011.07.23 14:56:57 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.07.23 14:27:38 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.23 14:22:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.08.27 09:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.09.03 19:00:51 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Babylon
[2011.09.05 21:49:42 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Bioshock2
[2011.07.24 11:38:10 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\CoSoSys
[2011.09.03 21:11:37 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools Lite
[2011.09.03 17:42:48 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon
[2011.09.06 00:24:00 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ICQ
[2011.09.04 02:36:10 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\SleepTimerUltimate
[2011.09.04 17:12:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Splashtop
[2011.09.01 16:55:45 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Thunderbird
[2009.07.14 07:08:49 | 000,007,938 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

06.09.2011, 20:12   #7
MacManus

Code:
Re 5:
@BIOS	GIGABYTE	22.07.2011		2.11
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	02.09.2011	6,00MB	10.3.183.7
Adobe Reader 9.3	Adobe Systems Incorporated	03.09.2011	210MB	9.3.0
AnyDVD	SlySoft	03.09.2011		
Apple Application Support	Apple Inc.	03.09.2011	51,0MB	1.5.2
Apple Mobile Device Support	Apple Inc.	03.09.2011	22,7MB	3.4.1.2
Apple Software Update	Apple Inc.	03.09.2011	2,38MB	2.1.3.127
ATI Catalyst Install Manager	ATI Technologies, Inc.	27.07.2011	22,3MB	3.0.778.0
AutoGreen B10.1021.1	GIGABYTE	22.07.2011	4,77MB	1.00.0000
BioShock 2	2K Games	03.09.2011		1.00.0000
Bonjour	Apple Inc.	03.09.2011	1,58MB	3.0.0.2
CCleaner	Piriform	05.09.2011		3.10
DAEMON Tools Lite	DT Soft Ltd	02.09.2011		4.41.3.0173
Desktop Icon für Amazon		02.09.2011		1.0.1 (de)
Easy Tune 6 B10.1216.1	GIGABYTE	22.07.2011	30,9MB	1.00.0000
Etron USB3.0 Host Controller	Etron Technology	22.07.2011	5,13MB	0.95
Facemoods Toolbar		03.09.2011		
HP Customer Participation Program 13.0	HP	22.07.2011		13.0
HP Imaging Device Functions 13.0	HP	22.07.2011		13.0
HP Photosmart Essential 3.5	HP	22.07.2011		3.5
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B	HP	22.07.2011		13.0
HP Smart Web Printing 4.51	HP	22.07.2011		4.51
HP Solution Center 13.0	HP	22.07.2011		13.0
HP Update	Hewlett-Packard	22.07.2011	3,73MB	4.000.011.006
ICQ 7.5 Build #5259 Banner Remover 1.0	murb.com	02.09.2011	2,77MB	
ICQ7.5	ICQ	02.09.2011		7.5
Intel(R) Control Center	Intel Corporation	23.07.2011		1.2.1.1007
Intel(R) Management Engine Components	Intel Corporation	23.07.2011		7.0.0.1118
Intel(R) Rapid Storage Technology	Intel Corporation	23.07.2011		10.1.0.1008
iTunes	Apple Inc.	03.09.2011	142,0MB	10.4.1.10
Java(TM) 7	Oracle	03.09.2011	98,9MB	7.0.0
JDownloader 0.9	AppWork GmbH	03.09.2011		0.9
Malwarebytes' Anti-Malware Version 1.51.1.1800	Malwarebytes Corporation	05.09.2011	13,4MB	1.51.1.1800
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	27.07.2011	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	27.07.2011	2,94MB	4.0.30319
Microsoft Games for Windows - LIVE	Microsoft Corporation	02.09.2011	8,31MB	3.1.186.0
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	02.09.2011	32,3MB	3.1.99.0
Microsoft Office Professional Edition 2003	Microsoft Corporation	22.07.2011	413MB	11.0.7969.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	02.09.2011	0,34MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	27.07.2011	0,77MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	03.09.2011	0,58MB	9.0.30729.4148
Mozilla Firefox 6.0.1 (x86 de)	Mozilla	05.09.2011	34,4MB	6.0.1
Mozilla Thunderbird (6.0.1)	Mozilla	02.09.2011		6.0.1 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	23.07.2011	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	02.09.2011	1,33MB	4.20.9876.0
Norton Internet Security	Symantec Corporation	03.09.2011		18.6.0.29
OCR Software by I.R.I.S. 13.0	HP	22.07.2011		13.0
ON_OFF Charge B11.0110.1	GIGABYTE	22.07.2011		1.00.0001
QuickTime	Apple Inc.	03.09.2011	73,0MB	7.70.80.34
Realtek Ethernet Controller Driver	Realtek	22.07.2011		7.36.1224.2010
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	22.07.2011		6.0.1.6282
Shop for HP Supplies	HP	22.07.2011		13.0
Smart 6 B10.1221.1	GIGABYTE	22.07.2011		1.00.0000
VideoLAN VLC media player 0.8.6c	VideoLAN Team	02.09.2011		0.8.6c
Winamp	Nullsoft, Inc	02.09.2011		5.56 
WinRAR 4.01 (64-Bit)	win.rar GmbH	02.09.2011		4.01.0
         

07.09.2011, 05:32   #8
kira
/// Helper Team

1.
For your information:
AnyDVD <- "hacker tools"
classified as "illegal"!

2.
Code:
Facemoods Toolbar

Funny smileys, but it can still be very annoying; I would do without it!

3.
TDSSKiller by Kaspersky
  • Download TDSSKiller and extract the archive to your desktop.
  • Make sure that TDSSKiller.exe is located directly on the desktop (not in a folder on the desktop).
  • Temporarily disable your antivirus program.
  • Start TDSSKiller.exe by double-clicking it.
  • When it has finished its work, the tool suggests restarting the system.
    Confirm this with Y(es) if necessary.
    While the system boots, the driver carries out all scheduled operations and then deletes itself.
  • Post the contents of C:\TDSSKiller<random>.txt here in the thread.
You can find more detailed instructions here.

4.
Update Adobe Reader:
- Pay attention and read along during installation!: If any software, toolbar etc. is offered, please deselect it! - (e.g. "McAfee Security Scan Plus")
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for Updates..."

5.
Update Java
Your Java version is not up to date.
Now download the offline version of Java Version 6 Update 27 from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. remove the check mark for the toolbar during installation.
Additionally in Firefox:
under Tools -> Add-ons -> Plugins, also remove the old versions.
Restart the computer.

6.
Run another scan with OTL:
  • Double-click OTL.exe
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • At the top you will find a box labelled Output.
    Please select Standard Output
  • Under Extra Registry, please select Use SafeList.
  • Tick the boxes for LOP Check and Purity Check.
  • Now click Scan at the top left.
  • When the scan has finished, two log files are created.
    You will find the log files on your desktop => OTL.txt and Extras.txt
  • Post the log files in code tags here in the thread.

Quote:
► Briefly report to me on all the steps you have carried out!
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file as an attachment! It may be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly, to CD/DVD, USB sticks or external hard drives, preferably twice in different locations!
Please pass this warning on wherever you can!

08.09.2011, 21:41   #9
MacManus

Boot.Mebroot



Code:
ATTFilter
Re 1:

It is a version that I have had for 5 years already, and the trojan is showing up now for the first time. What does the trojan actually do?

Re 2:

It is uninstalled.

Re 3:

2011/09/08 22:24:25.0225 4388	TDSS rootkit removing tool 2.5.20.0 Sep  7 2011 16:44:34
2011/09/08 22:24:25.0288 4388	================================================================================
2011/09/08 22:24:25.0288 4388	SystemInfo:
2011/09/08 22:24:25.0288 4388	
2011/09/08 22:24:25.0288 4388	OS Version: 6.1.7601 ServicePack: 1.0
2011/09/08 22:24:25.0288 4388	Product type: Workstation
2011/09/08 22:24:25.0288 4388	ComputerName: MATZE-PC
2011/09/08 22:24:25.0288 4388	UserName: Matze
2011/09/08 22:24:25.0288 4388	Windows directory: C:\Windows
2011/09/08 22:24:25.0288 4388	System windows directory: C:\Windows
2011/09/08 22:24:25.0288 4388	Running under WOW64
2011/09/08 22:24:25.0288 4388	Processor architecture: Intel x64
2011/09/08 22:24:25.0288 4388	Number of processors: 4
2011/09/08 22:24:25.0288 4388	Page size: 0x1000
2011/09/08 22:24:25.0288 4388	Boot type: Normal boot
2011/09/08 22:24:25.0288 4388	================================================================================
2011/09/08 22:24:25.0771 4388	Initialize success
2011/09/08 22:24:32.0511 4688	================================================================================
2011/09/08 22:24:32.0511 4688	Scan started
2011/09/08 22:24:32.0511 4688	Mode: Manual; 
2011/09/08 22:24:32.0511 4688	================================================================================
2011/09/08 22:24:33.0181 4688	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/09/08 22:24:33.0228 4688	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/09/08 22:24:33.0259 4688	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/09/08 22:24:33.0306 4688	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
2011/09/08 22:24:33.0337 4688	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
2011/09/08 22:24:33.0369 4688	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
2011/09/08 22:24:33.0415 4688	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/09/08 22:24:33.0462 4688	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/09/08 22:24:33.0493 4688	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/09/08 22:24:33.0509 4688	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/09/08 22:24:33.0525 4688	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
2011/09/08 22:24:33.0665 4688	amdkmdag        (bbab5b28253fe0fc7255d8775ba05c1d) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/09/08 22:24:33.0759 4688	amdkmdap        (cba35ff4092b91e105d93ed11a0250b6) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/09/08 22:24:33.0774 4688	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
2011/09/08 22:24:33.0790 4688	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/09/08 22:24:33.0805 4688	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
2011/09/08 22:24:33.0852 4688	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/09/08 22:24:33.0946 4688	AnyDVD          (08df23adb28c4e98fc75d5554829f2af) C:\Windows\system32\Drivers\AnyDVD.sys
2011/09/08 22:24:33.0993 4688	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/09/08 22:24:34.0055 4688	AppleCharger    (6be11ad81d4527d299f0cb5f3731aabc) C:\Windows\system32\DRIVERS\AppleCharger.sys
2011/09/08 22:24:34.0117 4688	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
2011/09/08 22:24:34.0133 4688	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
2011/09/08 22:24:34.0164 4688	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/08 22:24:34.0180 4688	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/09/08 22:24:34.0273 4688	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
2011/09/08 22:24:34.0305 4688	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/09/08 22:24:34.0367 4688	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/09/08 22:24:34.0570 4688	BHDrvx64        (c823adeedd3ae6f3db52b6152e5789cf) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys
2011/09/08 22:24:34.0617 4688	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/09/08 22:24:34.0679 4688	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/08 22:24:34.0710 4688	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
2011/09/08 22:24:34.0710 4688	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
2011/09/08 22:24:34.0741 4688	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/09/08 22:24:34.0757 4688	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/09/08 22:24:34.0773 4688	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/09/08 22:24:34.0788 4688	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/09/08 22:24:34.0788 4688	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
2011/09/08 22:24:34.0835 4688	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/09/08 22:24:34.0866 4688	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/09/08 22:24:34.0866 4688	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
2011/09/08 22:24:34.0913 4688	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/09/08 22:24:34.0944 4688	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
2011/09/08 22:24:34.0960 4688	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/09/08 22:24:34.0975 4688	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/09/08 22:24:34.0991 4688	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
2011/09/08 22:24:35.0007 4688	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/09/08 22:24:35.0022 4688	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
2011/09/08 22:24:35.0069 4688	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
2011/09/08 22:24:35.0085 4688	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/09/08 22:24:35.0100 4688	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/09/08 22:24:35.0131 4688	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
2011/09/08 22:24:35.0163 4688	dmvsc           (5db085a8a6600be6401f2b24eecb5415) C:\Windows\system32\drivers\dmvsc.sys
2011/09/08 22:24:35.0194 4688	Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
2011/09/08 22:24:35.0225 4688	Dot4Print       (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/09/08 22:24:35.0241 4688	dot4usb         (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/09/08 22:24:35.0256 4688	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/09/08 22:24:35.0287 4688	dtsoftbus01     (d3d64cf7b2bceaa34a270f45a3fffb36) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/09/08 22:24:35.0334 4688	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/09/08 22:24:35.0397 4688	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
2011/09/08 22:24:35.0490 4688	eeCtrl          (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/09/08 22:24:35.0553 4688	ElbyCDIO        (3836e2db9034543f63943cdbb52a691a) C:\Windows\system32\Drivers\ElbyCDIO.sys
2011/09/08 22:24:35.0599 4688	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
2011/09/08 22:24:35.0615 4688	EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/09/08 22:24:35.0631 4688	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/09/08 22:24:35.0677 4688	EtronHub3       (6c17a702399b0205ab7836c2b45cd806) C:\Windows\system32\Drivers\EtronHub3.sys
2011/09/08 22:24:35.0693 4688	EtronXHCI       (b5348a55cc9541ffa930e30bb0cc8ef6) C:\Windows\system32\Drivers\EtronXHCI.sys
2011/09/08 22:24:35.0709 4688	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/09/08 22:24:35.0740 4688	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/09/08 22:24:35.0771 4688	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
2011/09/08 22:24:35.0787 4688	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/09/08 22:24:35.0787 4688	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/09/08 22:24:35.0818 4688	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
2011/09/08 22:24:35.0833 4688	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/09/08 22:24:35.0849 4688	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/09/08 22:24:35.0865 4688	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/09/08 22:24:35.0880 4688	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/09/08 22:24:35.0896 4688	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
2011/09/08 22:24:35.0927 4688	gdrv            (7907e14f9bcf3a4689c9a74a1a873cb6) C:\Windows\gdrv.sys
2011/09/08 22:24:35.0958 4688	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/09/08 22:24:35.0989 4688	GVTDrv64        (8126331fbd4ed29eb3b356f9c905064d) C:\Windows\GVTDrv64.sys
2011/09/08 22:24:36.0021 4688	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/09/08 22:24:36.0052 4688	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/09/08 22:24:36.0083 4688	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/09/08 22:24:36.0099 4688	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
2011/09/08 22:24:36.0114 4688	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
2011/09/08 22:24:36.0130 4688	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
2011/09/08 22:24:36.0161 4688	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/09/08 22:24:36.0192 4688	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/09/08 22:24:36.0223 4688	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/09/08 22:24:36.0255 4688	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/09/08 22:24:36.0270 4688	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/09/08 22:24:36.0301 4688	iaStor          (d7921d5a870b11cc1adab198a519d50a) C:\Windows\system32\DRIVERS\iaStor.sys
2011/09/08 22:24:36.0333 4688	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/09/08 22:24:36.0489 4688	IDSVia64        (0b97f1a640ad3d159a7b5d2164c42e50) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110903.030\IDSvia64.sys
2011/09/08 22:24:36.0504 4688	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
2011/09/08 22:24:36.0567 4688	IntcAzAudAddService (03076f51af9f78a272cccde03e9340ce) C:\Windows\system32\drivers\RTKVHD64.sys
2011/09/08 22:24:36.0582 4688	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/09/08 22:24:36.0613 4688	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/09/08 22:24:36.0645 4688	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/09/08 22:24:36.0645 4688	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/09/08 22:24:36.0660 4688	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/09/08 22:24:36.0691 4688	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/09/08 22:24:36.0707 4688	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/09/08 22:24:36.0723 4688	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/09/08 22:24:36.0754 4688	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/09/08 22:24:36.0785 4688	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/09/08 22:24:36.0801 4688	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/09/08 22:24:36.0816 4688	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/09/08 22:24:36.0816 4688	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/09/08 22:24:36.0847 4688	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/09/08 22:24:36.0863 4688	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
2011/09/08 22:24:36.0879 4688	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
2011/09/08 22:24:36.0894 4688	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
2011/09/08 22:24:36.0910 4688	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
2011/09/08 22:24:36.0925 4688	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/09/08 22:24:36.0957 4688	MBAMProtector   (9c4fb231b6e02f84580de2f00f3c5293) C:\Windows\system32\drivers\mbam.sys
2011/09/08 22:24:36.0972 4688	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
2011/09/08 22:24:36.0988 4688	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
2011/09/08 22:24:37.0003 4688	MEIx64          (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/09/08 22:24:37.0035 4688	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/09/08 22:24:37.0050 4688	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/09/08 22:24:37.0066 4688	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/09/08 22:24:37.0081 4688	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/09/08 22:24:37.0097 4688	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/09/08 22:24:37.0097 4688	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/09/08 22:24:37.0113 4688	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/09/08 22:24:37.0128 4688	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/09/08 22:24:37.0159 4688	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/09/08 22:24:37.0175 4688	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/09/08 22:24:37.0206 4688	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/09/08 22:24:37.0222 4688	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/09/08 22:24:37.0237 4688	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/09/08 22:24:37.0269 4688	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/09/08 22:24:37.0284 4688	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/09/08 22:24:37.0284 4688	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/09/08 22:24:37.0315 4688	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/09/08 22:24:37.0347 4688	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/09/08 22:24:37.0362 4688	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/09/08 22:24:37.0378 4688	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/09/08 22:24:37.0393 4688	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/09/08 22:24:37.0409 4688	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/09/08 22:24:37.0425 4688	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
2011/09/08 22:24:37.0440 4688	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/09/08 22:24:37.0471 4688	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/09/08 22:24:37.0612 4688	NAVENG          (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110907.002\ENG64.SYS
2011/09/08 22:24:37.0659 4688	NAVEX15         (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110907.002\EX64.SYS
2011/09/08 22:24:37.0705 4688	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/09/08 22:24:37.0737 4688	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/09/08 22:24:37.0737 4688	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/09/08 22:24:37.0752 4688	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/09/08 22:24:37.0768 4688	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/09/08 22:24:37.0799 4688	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/09/08 22:24:37.0830 4688	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/09/08 22:24:37.0846 4688	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/09/08 22:24:37.0877 4688	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
2011/09/08 22:24:37.0893 4688	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/09/08 22:24:37.0908 4688	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/09/08 22:24:37.0939 4688	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/09/08 22:24:37.0986 4688	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/09/08 22:24:38.0002 4688	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/09/08 22:24:38.0033 4688	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/09/08 22:24:38.0049 4688	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/09/08 22:24:38.0064 4688	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/09/08 22:24:38.0080 4688	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/09/08 22:24:38.0095 4688	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/09/08 22:24:38.0111 4688	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/09/08 22:24:38.0142 4688	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/09/08 22:24:38.0158 4688	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
2011/09/08 22:24:38.0173 4688	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/09/08 22:24:38.0189 4688	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/09/08 22:24:38.0267 4688	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/09/08 22:24:38.0283 4688	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
2011/09/08 22:24:38.0298 4688	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/09/08 22:24:38.0345 4688	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
2011/09/08 22:24:38.0376 4688	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
2011/09/08 22:24:38.0392 4688	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/09/08 22:24:38.0407 4688	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/09/08 22:24:38.0439 4688	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/09/08 22:24:38.0454 4688	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/09/08 22:24:38.0470 4688	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/09/08 22:24:38.0485 4688	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/09/08 22:24:38.0501 4688	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/09/08 22:24:38.0501 4688	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/09/08 22:24:38.0532 4688	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/09/08 22:24:38.0579 4688	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
2011/09/08 22:24:38.0595 4688	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/09/08 22:24:38.0610 4688	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/09/08 22:24:38.0641 4688	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/09/08 22:24:38.0657 4688	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/09/08 22:24:38.0673 4688	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/09/08 22:24:38.0688 4688	RTL8167         (712944c0a377e9b8743f95bd83e882d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/09/08 22:24:38.0719 4688	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
2011/09/08 22:24:38.0751 4688	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/09/08 22:24:38.0766 4688	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/09/08 22:24:38.0782 4688	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/09/08 22:24:38.0797 4688	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/09/08 22:24:38.0829 4688	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/09/08 22:24:38.0844 4688	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
2011/09/08 22:24:38.0860 4688	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/09/08 22:24:38.0875 4688	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/09/08 22:24:38.0891 4688	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/09/08 22:24:38.0891 4688	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
2011/09/08 22:24:38.0907 4688	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
2011/09/08 22:24:38.0922 4688	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
2011/09/08 22:24:38.0938 4688	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/09/08 22:24:38.0969 4688	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/09/08 22:24:39.0047 4688	SRTSP           (90ef30c3867bcde4579c01a6d6e75a7a) C:\Windows\System32\Drivers\NISx64\1206000.01D\SRTSP64.SYS
2011/09/08 22:24:39.0078 4688	SRTSPX          (c513e8a5e7978da49077f5484344ee1b) C:\Windows\system32\drivers\NISx64\1206000.01D\SRTSPX64.SYS
2011/09/08 22:24:39.0094 4688	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/09/08 22:24:39.0125 4688	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/09/08 22:24:39.0156 4688	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/09/08 22:24:39.0203 4688	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
2011/09/08 22:24:39.0234 4688	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
2011/09/08 22:24:39.0265 4688	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
2011/09/08 22:24:39.0281 4688	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/09/08 22:24:39.0297 4688	SymDS           (6160145c7a87fc7672e8e3b886888176) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMDS64.SYS
2011/09/08 22:24:39.0328 4688	SymEFA          (96aeed40d4d3521568b42027687e69e0) C:\Windows\system32\drivers\NISx64\1206000.01D\SYMEFA64.SYS
2011/09/08 22:24:39.0375 4688	SymEvent        (21a1c2d694c3cf962d31f5e873ab3d6f) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/09/08 22:24:39.0421 4688	SymIRON         (bd0d711d8cbfcaa19ca123306eaf53a5) C:\Windows\system32\drivers\NISx64\1206000.01D\Ironx64.SYS
2011/09/08 22:24:39.0437 4688	SymNetS         (a6adb3d83023f8daa0f7b6fda785d83b) C:\Windows\System32\Drivers\NISx64\1206000.01D\SYMNETS.SYS
2011/09/08 22:24:39.0515 4688	Tcpip           (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/09/08 22:24:39.0577 4688	TCPIP6          (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/09/08 22:24:39.0593 4688	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/09/08 22:24:39.0609 4688	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/09/08 22:24:39.0624 4688	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/09/08 22:24:39.0655 4688	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/09/08 22:24:39.0655 4688	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
2011/09/08 22:24:39.0687 4688	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/09/08 22:24:39.0702 4688	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/09/08 22:24:39.0718 4688	TsUsbGD         (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
2011/09/08 22:24:39.0733 4688	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/09/08 22:24:39.0749 4688	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
2011/09/08 22:24:39.0796 4688	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/09/08 22:24:39.0843 4688	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/09/08 22:24:39.0858 4688	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
2011/09/08 22:24:39.0874 4688	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
2011/09/08 22:24:39.0936 4688	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
2011/09/08 22:24:39.0967 4688	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
2011/09/08 22:24:39.0983 4688	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/09/08 22:24:40.0014 4688	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
2011/09/08 22:24:40.0045 4688	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/09/08 22:24:40.0061 4688	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
2011/09/08 22:24:40.0077 4688	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/09/08 22:24:40.0092 4688	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/09/08 22:24:40.0092 4688	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/09/08 22:24:40.0123 4688	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/09/08 22:24:40.0139 4688	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/09/08 22:24:40.0155 4688	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/09/08 22:24:40.0186 4688	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/09/08 22:24:40.0201 4688	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/09/08 22:24:40.0217 4688	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/09/08 22:24:40.0233 4688	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
2011/09/08 22:24:40.0264 4688	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
2011/09/08 22:24:40.0279 4688	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/09/08 22:24:40.0295 4688	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/09/08 22:24:40.0326 4688	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/09/08 22:24:40.0342 4688	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
2011/09/08 22:24:40.0357 4688	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/09/08 22:24:40.0389 4688	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
2011/09/08 22:24:40.0404 4688	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/08 22:24:40.0420 4688	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/09/08 22:24:40.0435 4688	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
2011/09/08 22:24:40.0451 4688	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/09/08 22:24:40.0482 4688	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/09/08 22:24:40.0498 4688	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/09/08 22:24:40.0560 4688	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/09/08 22:24:40.0576 4688	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/09/08 22:24:40.0591 4688	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/09/08 22:24:40.0607 4688	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/09/08 22:24:40.0669 4688	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/09/08 22:24:40.0701 4688	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/09/08 22:24:40.0716 4688	MBR (0x1B8)     (eeadaf356113e54427e990a5bcad82b5) \Device\Harddisk1\DR1
2011/09/08 22:24:40.0716 4688	\Device\Harddisk1\DR1 - detected Backdoor.Win32.Sinowal.knf (0)
2011/09/08 22:24:40.0716 4688	Boot (0x1200)   (6fe1e39c8a4b77cf8db80531844a41a6) \Device\Harddisk0\DR0\Partition0
2011/09/08 22:24:40.0732 4688	Boot (0x1200)   (5002290b06ccdc3ad5342e6847ee7eec) \Device\Harddisk0\DR0\Partition1
2011/09/08 22:24:40.0747 4688	Boot (0x1200)   (0b8ef3f7b043c94b9fb0f3691c529d16) \Device\Harddisk0\DR0\Partition2
2011/09/08 22:24:40.0779 4688	Boot (0x1200)   (7ca310ee6db02ff5b4d122cbbffd06ca) \Device\Harddisk0\DR0\Partition3
2011/09/08 22:24:40.0779 4688	Boot (0x1200)   (7ed4492c8d3cc6843394091ea18d9c8e) \Device\Harddisk1\DR1\Partition0
2011/09/08 22:24:40.0810 4688	Boot (0x1200)   (db5fd9cf9e21fe595f66b820af239faa) \Device\Harddisk1\DR1\Partition1
2011/09/08 22:24:40.0825 4688	Boot (0x1200)   (69c81495a80f752acc7cb37907a150ac) \Device\Harddisk1\DR1\Partition2
2011/09/08 22:24:40.0825 4688	================================================================================
2011/09/08 22:24:40.0825 4688	Scan finished
2011/09/08 22:24:40.0825 4688	================================================================================
2011/09/08 22:24:40.0825 3516	Detected object count: 1
2011/09/08 22:24:40.0825 3516	Actual detected object count: 1
2011/09/08 22:25:07.0892 3516	\Device\Harddisk1\DR1 (Backdoor.Win32.Sinowal.knf) - will be cured after reboot
2011/09/08 22:25:07.0892 3516	\Device\Harddisk1\DR1 - ok
2011/09/08 22:25:07.0892 3516	Backdoor.Win32.Sinowal.knf(\Device\Harddisk1\DR1) - User select action: Cure 
2011/09/08 22:25:16.0222 4344	Deinitialize success
         

Alt 08.09.2011, 21:44   #10
MacManus
 
Re 4:

Is updated!

Re 5:

Uninstalled Java, then downloaded and installed the offline version. Had the Java version checked. Message: version is up to date.

Re 6, otl.txt: OTL logfile:
Code:
OTL logfile created on: 08.09.2011 22:37:02 - Run 3
OTL by OldTimer - Version 3.2.27.0     Folder = E:\downloads\Progs
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 78,33% Memory free
15,97 Gb Paging File | 14,17 Gb Available in Paging File | 88,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 61,19 Gb Free Space | 62,72% Space Free | Partition Type: NTFS
Drive D: | 415,04 Gb Total Space | 285,79 Gb Free Space | 68,86% Space Free | Partition Type: NTFS
Drive E: | 418,82 Gb Total Space | 403,56 Gb Free Space | 96,36% Space Free | Partition Type: NTFS
Drive F: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 127,00 Gb Total Space | 126,91 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive H: | 127,00 Gb Total Space | 103,49 Gb Free Space | 81,49% Space Free | Partition Type: NTFS
Drive I: | 44,08 Gb Total Space | 40,61 Gb Free Space | 92,13% Space Free | Partition Type: NTFS
 
Computer Name: MATZE-PC | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.06 20:43:00 | 000,581,120 | ---- | M] (OldTimer Tools) -- E:\downloads\Progs\OTL.exe
PRC - [2011.09.06 17:24:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2010.11.21 05:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.04.22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
PRC - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.06 18:48:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011.09.06 18:48:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011.09.06 18:48:47 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4655321f01d2564f3c7acda08636ecc6\IAStorCommon.ni.dll
MOD - [2011.09.06 18:48:45 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3dd77b6d66cda1f160a7adbe7c0e01af\IAStorUtil.ni.dll
MOD - [2011.09.06 18:48:43 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011.09.06 18:46:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011.09.06 18:45:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011.09.06 18:45:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011.09.06 18:45:52 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011.09.06 18:45:49 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011.09.06 17:24:45 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.29 03:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.04 17:18:11 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.09.03 19:03:33 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.07.08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011.01.26 08:06:02 | 000,039,808 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.01.26 08:06:00 | 000,064,256 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.12.24 09:32:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.29 04:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 03:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.09.21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.04.11 16:14:45 | 000,111,552 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2007.08.07 21:48:37 | 000,032,712 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2011.09.08 22:26:08 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.09.04 17:18:04 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110907.002\EX64.SYS -- (NAVEX15)
DRV - [2011.09.04 17:18:04 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.09.04 17:18:04 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.09.04 17:18:04 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110907.002\ENG64.SYS -- (NAVENG)
DRV - [2011.09.02 07:52:58 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110903.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011.08.12 23:21:56 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.07.28 16:06:20 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.04.11 16:14:45 | 000,111,552 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 E9 4F C0 34 49 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "klamm.de"
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6c: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.31 18:43:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.09.07 17:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_1_3 [2011.09.08 22:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.06 17:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.07 22:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.04 21:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.31 18:43:34 | 000,000,000 | ---D | M]
 
[2011.07.23 15:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2011.09.08 22:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\7bwcp5u1.default\extensions
[2011.09.03 17:06:27 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\7bwcp5u1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011.08.31 18:43:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\7bwcp5u1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.09.08 22:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.03 17:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.09.03 17:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.09.03 17:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.09.08 22:26:05 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_1_3
[2011.09.07 17:01:35 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BWCP5U1.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BWCP5U1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BWCP5U1.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011.09.06 17:24:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.04 22:44:00 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.24 05:39:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.24 05:39:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.06.24 05:39:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.04 22:45:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.06.24 05:39:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.24 05:39:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.24 05:39:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E4FF81C-C6E6-4793-AC0D-7A2507A3B21F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.12 11:19:49 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011.04.12 11:19:49 | 000,106,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5dc64193-d64b-11e0-951d-1c6f65d92934}\Shell - "" = AutoRun
O33 - MountPoints2\{5dc64193-d64b-11e0-951d-1c6f65d92934}\Shell\AutoRun\command - "" = J:\Support\AutoRun\AutoRun.exe
O33 - MountPoints2\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.08 22:32:05 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.09.08 22:32:05 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.09.08 22:32:05 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.09.08 22:22:24 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matze\Desktop\TDSSKiller.exe
[2011.09.07 22:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.09.07 22:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.09.07 22:42:48 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Adobe
[2011.09.06 20:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.09.06 18:11:30 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Malwarebytes
[2011.09.06 18:11:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.09.06 18:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.06 18:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.06 18:11:18 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.06 18:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.06 17:46:34 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.09.06 17:46:33 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.09.05 07:34:00 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.09.05 07:34:00 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.09.04 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.09.04 21:17:57 | 000,025,640 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2011.09.04 21:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2011.09.04 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2011.09.04 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Apple Computer
[2011.09.04 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Apple Computer
[2011.09.04 21:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.09.04 21:12:35 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011.09.04 21:12:35 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011.09.04 21:12:35 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011.09.04 21:12:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.09.04 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.09.04 21:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.09.04 21:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.09.04 21:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.09.04 21:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.09.04 21:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.09.04 21:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.09.04 21:11:59 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Apple
[2011.09.04 21:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.09.04 21:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.09.04 21:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.09.04 21:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.09.04 21:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.09.04 21:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.09.04 17:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011.09.04 17:18:10 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys
[2011.09.04 17:18:10 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys
[2011.09.04 17:18:10 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys
[2011.09.04 17:18:10 | 000,386,168 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys
[2011.09.04 17:18:10 | 000,171,128 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys
[2011.09.04 17:18:10 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys
[2011.09.04 17:18:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D
[2011.09.04 17:14:27 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.09.04 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.09.04 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.09.04 17:14:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2011.09.04 17:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011.09.04 17:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2011.09.04 17:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.09.04 17:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.09.04 17:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.09.04 17:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011.09.04 17:11:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.09.04 15:36:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.09.04 15:26:58 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011.09.04 15:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.09.04 15:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.09.04 15:19:51 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2011.09.04 15:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.09.04 10:45:44 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\vlc
[2011.09.04 02:06:21 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\SleepTimerUltimate
[2011.09.04 01:15:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.09.04 01:15:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\Documents\Bioshock2
[2011.09.04 01:15:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Bioshock2
[2011.09.03 21:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.09.03 21:17:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011.09.03 21:17:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011.09.03 21:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.09.03 21:17:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.09.03 21:17:22 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011.09.03 21:17:22 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011.09.03 21:17:22 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011.09.03 21:17:22 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011.09.03 21:17:22 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011.09.03 21:17:22 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011.09.03 21:17:22 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011.09.03 21:17:22 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011.09.03 21:17:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011.09.03 21:17:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011.09.03 21:17:22 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011.09.03 21:17:22 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011.09.03 21:17:22 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011.09.03 21:17:22 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011.09.03 21:17:22 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011.09.03 21:17:22 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011.09.03 21:17:22 | 000,021,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_2.dll
[2011.09.03 21:17:22 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2011.09.03 21:17:21 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011.09.03 21:17:21 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011.09.03 21:17:21 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011.09.03 21:17:21 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011.09.03 21:17:21 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011.09.03 21:17:21 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011.09.03 21:17:21 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011.09.03 21:17:21 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011.09.03 21:17:21 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011.09.03 21:17:21 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011.09.03 21:17:21 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011.09.03 21:17:21 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011.09.03 21:17:21 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011.09.03 21:17:21 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011.09.03 21:17:21 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011.09.03 21:17:21 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011.09.03 21:17:20 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011.09.03 21:17:20 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011.09.03 21:17:20 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011.09.03 21:17:20 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011.09.03 21:17:20 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011.09.03 21:17:20 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011.09.03 21:17:20 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011.09.03 21:17:20 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011.09.03 21:17:20 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011.09.03 21:17:20 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011.09.03 21:17:19 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011.09.03 21:17:19 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011.09.03 21:17:18 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011.09.03 21:17:18 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011.09.03 21:17:18 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011.09.03 21:17:18 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011.09.03 21:17:18 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011.09.03 21:17:18 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011.09.03 21:17:18 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011.09.03 21:17:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011.09.03 21:17:18 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011.09.03 21:17:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011.09.03 21:17:17 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011.09.03 21:17:17 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011.09.03 21:17:17 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011.09.03 21:17:17 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011.09.03 21:17:17 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011.09.03 21:17:17 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011.09.03 19:35:38 | 000,000,000 | -H-D | C] -- C:\Users\Matze\Documents\Runes of Magic
[2011.09.03 19:03:52 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\HP
[2011.09.03 19:03:33 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.09.03 19:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.09.03 19:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.09.03 19:02:58 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools Lite
[2011.09.03 19:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.09.03 19:00:52 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Babylon
[2011.09.03 19:00:51 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Babylon
[2011.09.03 19:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.09.03 18:51:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\WinRAR
[2011.09.03 18:51:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.09.03 18:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.09.03 18:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.09.03 18:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011.09.03 18:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyDVD
[2011.09.03 18:41:16 | 000,000,000 | ---D | C] -- C:\Users\Matze\Documents\AnyDVDHD
[2011.09.03 18:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2011.09.03 18:39:01 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Winamp
[2011.09.03 18:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011.09.03 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.09.03 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.09.03 18:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ-Banner-Remover
[2011.09.03 18:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.09.03 18:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
[2011.09.03 17:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.09.03 17:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ-Banner-Remover
[2011.09.03 17:42:48 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon
[2011.09.03 17:36:38 | 000,000,000 | ---D | C] -- C:\Users\Matze\Documents\ICQ
[2011.09.03 17:35:06 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\ICQ
[2011.09.03 17:35:05 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\AOL
[2011.09.03 17:20:14 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.09.03 16:58:30 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011.09.03 16:58:30 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011.09.03 16:58:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011.09.03 16:58:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011.09.03 16:58:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011.09.03 16:58:30 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011.09.03 16:58:30 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011.09.03 16:58:30 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011.09.03 16:58:30 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011.09.03 16:58:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011.09.03 16:58:28 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.09.03 16:58:28 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.09.03 16:58:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.09.03 16:58:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.09.03 16:58:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.09.03 16:58:28 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.09.03 16:58:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.09.03 16:58:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.09.03 16:58:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.09.03 16:58:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.09.03 16:58:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.09.03 16:58:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.09.03 16:58:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.09.03 16:58:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.09.03 16:58:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.09.03 16:58:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.09.03 16:58:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.09.03 16:58:25 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.09.03 16:58:25 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.09.03 16:58:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.09.03 16:58:25 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.09.03 16:58:25 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.09.03 16:58:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.09.03 16:58:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.09.03 16:58:24 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.09.03 16:58:24 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.09.03 16:58:24 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.09.01 16:55:36 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Thunderbird
[2011.09.01 16:55:36 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.08 22:33:13 | 000,020,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.08 22:33:13 | 000,020,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.08 22:32:00 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011.09.08 22:32:00 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.09.08 22:32:00 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.09.08 22:32:00 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.09.08 22:30:42 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.08 22:30:42 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.08 22:30:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.08 22:30:42 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.08 22:30:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.08 22:26:08 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2011.09.08 22:25:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.08 22:25:54 | 2134,298,623 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.07 22:42:58 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.09.07 17:08:55 | 001,377,534 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011.09.07 16:45:54 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matze\Desktop\TDSSKiller.exe
[2011.09.06 17:55:21 | 000,089,088 | ---- | M] () -- C:\Windows\SysNative\mbr.exe
[2011.09.06 17:46:34 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.09.06 17:46:33 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.09.04 22:44:00 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2011.09.04 21:36:57 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.09.04 20:37:54 | 000,000,631 | ---- | M] () -- C:\Users\Matze\Desktop\MP3's.lnk
[2011.09.04 17:18:11 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.09.04 17:18:11 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.09.04 17:18:11 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.09.04 17:10:02 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2011.09.04 16:06:18 | 000,001,590 | ---- | M] () -- C:\Users\Matze\Desktop\Bioshock2Launcher.lnk
[2011.09.03 19:03:33 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.09.03 18:43:20 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.09.03 18:28:11 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.03 18:00:57 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.09.03 17:20:14 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.09.01 16:58:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.07 22:42:58 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.09.07 22:42:58 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.09.06 17:57:43 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\mbr.exe
[2011.09.04 22:55:26 | 001,729,024 | ---- | C] () -- C:\Users\Matze\Desktop\SleepTimerUltimate.exe
[2011.09.04 22:45:20 | 000,001,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.09.04 22:45:20 | 000,001,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.09.04 22:45:20 | 000,001,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.09.04 21:17:24 | 001,377,534 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011.09.04 21:11:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.09.04 20:37:54 | 000,000,631 | ---- | C] () -- C:\Users\Matze\Desktop\MP3's.lnk
[2011.09.04 17:18:10 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.cat
[2011.09.04 17:18:10 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.cat
[2011.09.04 17:18:10 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.cat
[2011.09.04 17:18:10 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet64.cat
[2011.09.04 17:18:10 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.cat
[2011.09.04 17:18:10 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa.inf
[2011.09.04 17:18:10 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds.inf
[2011.09.04 17:18:10 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet.inf
[2011.09.04 17:18:10 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.inf
[2011.09.04 17:18:10 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.inf
[2011.09.04 17:18:10 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.inf
[2011.09.04 17:18:08 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011.09.04 17:18:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.cat
[2011.09.04 17:14:27 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.09.04 17:14:27 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.09.04 16:06:18 | 000,001,590 | ---- | C] () -- C:\Users\Matze\Desktop\Bioshock2Launcher.lnk
[2011.09.03 19:35:22 | 000,000,764 | ---- | C] () -- C:\Users\Matze\Desktop\Runes of Magic.lnk
[2011.09.03 18:43:20 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.09.03 18:40:34 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.09.03 18:28:11 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.03 18:00:57 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.09.03 17:52:17 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.09.01 16:58:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.07.28 16:27:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.28 16:26:06 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.23 15:25:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.23 15:04:42 | 000,245,255 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.07.23 15:04:42 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.07.23 15:01:11 | 000,245,419 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2011.07.23 15:01:11 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011.07.23 14:56:57 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.07.23 14:27:38 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.23 14:22:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.08.27 09:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.09.03 19:00:51 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Babylon
[2011.09.06 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Bioshock2
[2011.07.24 11:38:10 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\CoSoSys
[2011.09.03 21:11:37 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools Lite
[2011.09.03 17:42:48 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon
[2011.09.06 00:24:00 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ICQ
[2011.09.04 02:36:10 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\SleepTimerUltimate
[2011.09.04 17:12:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Splashtop
[2011.09.01 16:55:45 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Thunderbird
[2009.07.14 07:08:49 | 000,008,946 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 08.09.2011, 21:47   #11
MacManus
 



Code:
Re 4:

Is updated!

Re 5:

Uninstalled Java, then downloaded and installed the offline version. Had the Java version checked. Message: version is up to date

Re 6, otl.txt:

OTL logfile created on: 08.09.2011 22:37:02 - Run 3
OTL by OldTimer - Version 3.2.27.0     Folder = E:\downloads\Progs
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 78,33% Memory free
15,97 Gb Paging File | 14,17 Gb Available in Paging File | 88,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 61,19 Gb Free Space | 62,72% Space Free | Partition Type: NTFS
Drive D: | 415,04 Gb Total Space | 285,79 Gb Free Space | 68,86% Space Free | Partition Type: NTFS
Drive E: | 418,82 Gb Total Space | 403,56 Gb Free Space | 96,36% Space Free | Partition Type: NTFS
Drive F: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 127,00 Gb Total Space | 126,91 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive H: | 127,00 Gb Total Space | 103,49 Gb Free Space | 81,49% Space Free | Partition Type: NTFS
Drive I: | 44,08 Gb Total Space | 40,61 Gb Free Space | 92,13% Space Free | Partition Type: NTFS
 
Computer Name: MATZE-PC | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.06 20:43:00 | 000,581,120 | ---- | M] (OldTimer Tools) -- E:\downloads\Progs\OTL.exe
PRC - [2011.09.06 17:24:45 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
PRC - [2010.11.21 05:25:10 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.11.05 23:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.04.22 15:05:26 | 001,011,712 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\AlarmClock.exe
PRC - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.06 18:48:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\6124dbbfd45927c4a6226d6e6bca6253\WindowsBase.ni.dll
MOD - [2011.09.06 18:48:47 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e3e3b399b69c569ab1ed3b0ace2c8c20\System.Runtime.Remoting.ni.dll
MOD - [2011.09.06 18:48:47 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\4655321f01d2564f3c7acda08636ecc6\IAStorCommon.ni.dll
MOD - [2011.09.06 18:48:45 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3dd77b6d66cda1f160a7adbe7c0e01af\IAStorUtil.ni.dll
MOD - [2011.09.06 18:48:43 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011.09.06 18:46:00 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011.09.06 18:45:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011.09.06 18:45:53 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011.09.06 18:45:52 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011.09.06 18:45:49 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2011.09.06 17:24:45 | 001,846,232 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.29 03:51:08 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.17 02:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe -- (NIS)
SRV - [2010.11.05 23:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.22 13:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.13 16:39:46 | 000,114,688 | ---- | M] (Gigabyte Technology CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe -- (Smart TimeLock)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.09.04 17:18:11 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.09.03 19:03:33 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.07.08 17:45:12 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.31 05:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 05:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 04:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 08:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys -- (SymDS)
DRV:64bit: - [2011.01.27 07:07:06 | 000,171,128 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2011.01.26 08:06:02 | 000,039,808 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.01.26 08:06:00 | 000,064,256 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.12.24 09:32:54 | 000,412,264 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 23:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.09.29 04:26:12 | 007,883,264 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.29 03:14:48 | 000,285,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.09.21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.04.11 16:14:45 | 000,111,552 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2007.08.07 21:48:37 | 000,032,712 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV - [2011.09.08 22:26:08 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011.09.04 17:18:04 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110907.002\EX64.SYS -- (NAVEX15)
DRV - [2011.09.04 17:18:04 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.09.04 17:18:04 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011.09.04 17:18:04 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110907.002\ENG64.SYS -- (NAVENG)
DRV - [2011.09.02 07:52:58 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110903.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011.08.12 23:21:56 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110812.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.07.28 16:06:20 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2008.04.11 16:14:45 | 000,111,552 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 E9 4F C0 34 49 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "klamm.de"
FF - prefs.js..network.proxy.type: 0
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6c: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.31 18:43:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011.09.07 17:01:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_1_3 [2011.09.08 22:26:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.06 17:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.07 22:42:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.09.04 21:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.08.31 18:43:34 | 000,000,000 | ---D | M]
 
[2011.07.23 15:18:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2011.09.08 22:21:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\7bwcp5u1.default\extensions
[2011.09.03 17:06:27 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\7bwcp5u1.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2011.08.31 18:43:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\7bwcp5u1.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.09.08 22:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.03 17:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.09.03 17:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.09.03 17:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.09.08 22:26:05 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN_2011_7_1_3
[2011.09.07 17:01:35 | 000,000,000 | ---D | M] (Symantec IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
() (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BWCP5U1.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
() (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BWCP5U1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\MATZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7BWCP5U1.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2011.09.06 17:24:45 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.04 22:44:00 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.06.24 05:39:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.24 05:39:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.06.24 05:39:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.04 22:45:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.06.24 05:39:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.24 05:39:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.24 05:39:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4:64bit: - HKLM..\RunOnce: [RPMKickstart] C:\Programme\GIGABYTE\SMART6\Recovery\RPMKickstart.exe (Gigabyte Technology CO., LTD.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6E4FF81C-C6E6-4793-AC0D-7A2507A3B21F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.12 11:19:49 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011.04.12 11:19:49 | 000,106,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5dc64193-d64b-11e0-951d-1c6f65d92934}\Shell - "" = AutoRun
O33 - MountPoints2\{5dc64193-d64b-11e0-951d-1c6f65d92934}\Shell\AutoRun\command - "" = J:\Support\AutoRun\AutoRun.exe
O33 - MountPoints2\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.08 22:32:05 | 000,190,752 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.09.08 22:32:05 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.09.08 22:32:05 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.09.08 22:22:24 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Matze\Desktop\TDSSKiller.exe
[2011.09.07 22:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.09.07 22:42:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.09.07 22:42:48 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Adobe
[2011.09.06 20:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.09.06 18:11:30 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Malwarebytes
[2011.09.06 18:11:21 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.09.06 18:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.06 18:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.06 18:11:18 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.09.06 18:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.09.06 17:46:34 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.09.06 17:46:33 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.09.05 07:34:00 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.09.05 07:34:00 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.09.04 22:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.09.04 21:17:57 | 000,025,640 | ---- | C] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2011.09.04 21:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2011.09.04 21:16:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SlySoft
[2011.09.04 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Apple Computer
[2011.09.04 21:12:41 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Apple Computer
[2011.09.04 21:12:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.09.04 21:12:35 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2011.09.04 21:12:35 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2011.09.04 21:12:35 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2011.09.04 21:12:35 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2011.09.04 21:12:30 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.09.04 21:12:29 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.09.04 21:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.09.04 21:12:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2011.09.04 21:12:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.09.04 21:12:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011.09.04 21:12:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.09.04 21:11:59 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Apple
[2011.09.04 21:11:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.09.04 21:11:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.09.04 21:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.09.04 21:11:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.09.04 21:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.09.04 21:11:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011.09.04 17:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2011.09.04 17:18:10 | 000,912,504 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.sys
[2011.09.04 17:18:10 | 000,744,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.sys
[2011.09.04 17:18:10 | 000,450,680 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.sys
[2011.09.04 17:18:10 | 000,386,168 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnets.sys
[2011.09.04 17:18:10 | 000,171,128 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\ironx64.sys
[2011.09.04 17:18:10 | 000,040,568 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.sys
[2011.09.04 17:18:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64\1206000.01D
[2011.09.04 17:14:27 | 000,174,200 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.09.04 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2011.09.04 17:14:27 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2011.09.04 17:14:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NISx64
[2011.09.04 17:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
[2011.09.04 17:14:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Internet Security
[2011.09.04 17:14:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2011.09.04 17:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.09.04 17:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2011.09.04 17:13:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2011.09.04 17:11:57 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.09.04 15:36:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.09.04 15:26:58 | 000,525,544 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011.09.04 15:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011.09.04 15:19:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011.09.04 15:19:51 | 000,544,656 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2011.09.04 15:19:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2011.09.04 10:45:44 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\vlc
[2011.09.04 02:06:21 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\SleepTimerUltimate
[2011.09.04 01:15:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.09.04 01:15:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\Documents\Bioshock2
[2011.09.04 01:15:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Bioshock2
[2011.09.03 21:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.09.03 21:17:37 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2011.09.03 21:17:37 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2011.09.03 21:17:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.09.03 21:17:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.09.03 21:17:22 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2011.09.03 21:17:22 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2011.09.03 21:17:22 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2011.09.03 21:17:22 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2011.09.03 21:17:22 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2011.09.03 21:17:22 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2011.09.03 21:17:22 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2011.09.03 21:17:22 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2011.09.03 21:17:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2011.09.03 21:17:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2011.09.03 21:17:22 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2011.09.03 21:17:22 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2011.09.03 21:17:22 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2011.09.03 21:17:22 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2011.09.03 21:17:22 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2011.09.03 21:17:22 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2011.09.03 21:17:22 | 000,021,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_2.dll
[2011.09.03 21:17:22 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_2.dll
[2011.09.03 21:17:21 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2011.09.03 21:17:21 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011.09.03 21:17:21 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2011.09.03 21:17:21 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2011.09.03 21:17:21 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011.09.03 21:17:21 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2011.09.03 21:17:21 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2011.09.03 21:17:21 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2011.09.03 21:17:21 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2011.09.03 21:17:21 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2011.09.03 21:17:21 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2011.09.03 21:17:21 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2011.09.03 21:17:21 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2011.09.03 21:17:21 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2011.09.03 21:17:21 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2011.09.03 21:17:21 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2011.09.03 21:17:20 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2011.09.03 21:17:20 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2011.09.03 21:17:20 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2011.09.03 21:17:20 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2011.09.03 21:17:20 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2011.09.03 21:17:20 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2011.09.03 21:17:20 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2011.09.03 21:17:20 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2011.09.03 21:17:20 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2011.09.03 21:17:20 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2011.09.03 21:17:19 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2011.09.03 21:17:19 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2011.09.03 21:17:18 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2011.09.03 21:17:18 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2011.09.03 21:17:18 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2011.09.03 21:17:18 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2011.09.03 21:17:18 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2011.09.03 21:17:18 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2011.09.03 21:17:18 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2011.09.03 21:17:18 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2011.09.03 21:17:18 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2011.09.03 21:17:18 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2011.09.03 21:17:17 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2011.09.03 21:17:17 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2011.09.03 21:17:17 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2011.09.03 21:17:17 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2011.09.03 21:17:17 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2011.09.03 21:17:17 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2011.09.03 19:35:38 | 000,000,000 | -H-D | C] -- C:\Users\Matze\Documents\Runes of Magic
[2011.09.03 19:03:52 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\HP
[2011.09.03 19:03:33 | 000,270,912 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.09.03 19:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.09.03 19:03:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.09.03 19:02:58 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools Lite
[2011.09.03 19:02:56 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.09.03 19:00:52 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Babylon
[2011.09.03 19:00:51 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Babylon
[2011.09.03 19:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.09.03 18:51:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\WinRAR
[2011.09.03 18:51:15 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.09.03 18:51:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.09.03 18:51:13 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.09.03 18:43:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2011.09.03 18:42:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnyDVD
[2011.09.03 18:41:16 | 000,000,000 | ---D | C] -- C:\Users\Matze\Documents\AnyDVDHD
[2011.09.03 18:40:42 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2011.09.03 18:39:01 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Winamp
[2011.09.03 18:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011.09.03 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.09.03 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.09.03 18:03:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ-Banner-Remover
[2011.09.03 18:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011.09.03 18:00:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.5
[2011.09.03 17:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.09.03 17:43:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ-Banner-Remover
[2011.09.03 17:42:48 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon
[2011.09.03 17:36:38 | 000,000,000 | ---D | C] -- C:\Users\Matze\Documents\ICQ
[2011.09.03 17:35:06 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\ICQ
[2011.09.03 17:35:05 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\AOL
[2011.09.03 17:20:14 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.09.03 16:58:30 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011.09.03 16:58:30 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011.09.03 16:58:30 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011.09.03 16:58:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011.09.03 16:58:30 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011.09.03 16:58:30 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011.09.03 16:58:30 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011.09.03 16:58:30 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011.09.03 16:58:30 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011.09.03 16:58:30 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011.09.03 16:58:28 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.09.03 16:58:28 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.09.03 16:58:28 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.09.03 16:58:28 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.09.03 16:58:28 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.09.03 16:58:28 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.09.03 16:58:28 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.09.03 16:58:28 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.09.03 16:58:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.09.03 16:58:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.09.03 16:58:28 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.09.03 16:58:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.09.03 16:58:28 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.09.03 16:58:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.09.03 16:58:28 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.09.03 16:58:28 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.09.03 16:58:28 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.09.03 16:58:28 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.09.03 16:58:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.09.03 16:58:25 | 000,702,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011.09.03 16:58:25 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.09.03 16:58:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.09.03 16:58:25 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.09.03 16:58:25 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.09.03 16:58:25 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.09.03 16:58:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.09.03 16:58:24 | 005,561,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011.09.03 16:58:24 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011.09.03 16:58:24 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011.09.01 16:55:36 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Thunderbird
[2011.09.01 16:55:36 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Thunderbird
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
         

Alt 08.09.2011, 21:49   #12
MacManus
 



Code:
Re 4, part 2 of otl.txt:

========== Files - Modified Within 30 Days ==========
 
[2011.09.08 22:33:13 | 000,020,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.08 22:33:13 | 000,020,128 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.08 22:32:00 | 000,525,544 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2011.09.08 22:32:00 | 000,190,752 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2011.09.08 22:32:00 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2011.09.08 22:32:00 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2011.09.08 22:30:42 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.09.08 22:30:42 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.09.08 22:30:42 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.09.08 22:30:42 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.09.08 22:30:42 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.09.08 22:26:08 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\Windows\gdrv.sys
[2011.09.08 22:25:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.08 22:25:54 | 2134,298,623 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.07 22:42:58 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.09.07 17:08:55 | 001,377,534 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011.09.07 16:45:54 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Matze\Desktop\TDSSKiller.exe
[2011.09.06 17:55:21 | 000,089,088 | ---- | M] () -- C:\Windows\SysNative\mbr.exe
[2011.09.06 17:46:34 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011.09.06 17:46:33 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011.09.04 22:44:00 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2011.09.04 21:36:57 | 000,000,040 | -HS- | M] () -- C:\ProgramData\.zreglib
[2011.09.04 20:37:54 | 000,000,631 | ---- | M] () -- C:\Users\Matze\Desktop\MP3's.lnk
[2011.09.04 17:18:11 | 000,174,200 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2011.09.04 17:18:11 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.09.04 17:18:11 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.09.04 17:10:02 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini
[2011.09.04 16:06:18 | 000,001,590 | ---- | M] () -- C:\Users\Matze\Desktop\Bioshock2Launcher.lnk
[2011.09.03 19:03:33 | 000,270,912 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.09.03 18:43:20 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.09.03 18:28:11 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.03 18:00:57 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.09.03 17:20:14 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.09.01 16:58:17 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.07 22:42:58 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.09.07 22:42:58 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.09.06 17:57:43 | 000,089,088 | ---- | C] () -- C:\Windows\SysNative\mbr.exe
[2011.09.04 22:55:26 | 001,729,024 | ---- | C] () -- C:\Users\Matze\Desktop\SleepTimerUltimate.exe
[2011.09.04 22:45:20 | 000,001,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.09.04 22:45:20 | 000,001,941 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.09.04 22:45:20 | 000,001,920 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.09.04 21:17:24 | 001,377,534 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\Cat.DB
[2011.09.04 21:11:58 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.09.04 20:37:54 | 000,000,631 | ---- | C] () -- C:\Users\Matze\Desktop\MP3's.lnk
[2011.09.04 17:18:10 | 000,007,492 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.cat
[2011.09.04 17:18:10 | 000,007,462 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.cat
[2011.09.04 17:18:10 | 000,007,460 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa64.cat
[2011.09.04 17:18:10 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet64.cat
[2011.09.04 17:18:10 | 000,007,458 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.cat
[2011.09.04 17:18:10 | 000,003,373 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symefa.inf
[2011.09.04 17:18:10 | 000,002,792 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds.inf
[2011.09.04 17:18:10 | 000,001,446 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symnet.inf
[2011.09.04 17:18:10 | 000,001,438 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtsp64.inf
[2011.09.04 17:18:10 | 000,001,422 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\srtspx64.inf
[2011.09.04 17:18:10 | 000,000,772 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\iron.inf
[2011.09.04 17:18:08 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\isolate.ini
[2011.09.04 17:18:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\NISx64\1206000.01D\symds64.cat
[2011.09.04 17:14:27 | 000,007,488 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2011.09.04 17:14:27 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2011.09.04 16:06:18 | 000,001,590 | ---- | C] () -- C:\Users\Matze\Desktop\Bioshock2Launcher.lnk
[2011.09.03 19:35:22 | 000,000,764 | ---- | C] () -- C:\Users\Matze\Desktop\Runes of Magic.lnk
[2011.09.03 18:43:20 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.09.03 18:40:34 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.09.03 18:28:11 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.09.03 18:00:57 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011.09.03 17:52:17 | 000,002,098 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.09.01 16:58:17 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.07.28 16:27:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.28 16:26:06 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.23 15:25:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.23 15:04:42 | 000,245,255 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.07.23 15:04:42 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.07.23 15:01:11 | 000,245,419 | ---- | C] () -- C:\Windows\hpoins19.dat.temp
[2011.07.23 15:01:11 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat.temp
[2011.07.23 14:56:57 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.07.23 14:27:38 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
[2011.07.23 14:22:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.08.27 09:04:14 | 000,207,400 | R--- | C] () -- C:\Windows\GSetup.exe
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.06.01 21:06:00 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.09.03 19:00:51 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Babylon
[2011.09.06 22:02:26 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Bioshock2
[2011.07.24 11:38:10 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\CoSoSys
[2011.09.03 21:11:37 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DAEMON Tools Lite
[2011.09.03 17:42:48 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\DesktopIconForAmazon
[2011.09.06 00:24:00 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\ICQ
[2011.09.04 02:36:10 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\SleepTimerUltimate
[2011.09.04 17:12:38 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Splashtop
[2011.09.01 16:55:45 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Thunderbird
[2009.07.14 07:08:49 | 000,008,946 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

Alt 08.09.2011, 21:50   #13
MacManus
 



Re 6, Extra.txt:
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 08.09.2011 22:37:02 - Run 3
OTL by OldTimer - Version 3.2.27.0     Folder = E:\downloads\Progs
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 78,33% Memory free
15,97 Gb Paging File | 14,17 Gb Available in Paging File | 88,77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 61,19 Gb Free Space | 62,72% Space Free | Partition Type: NTFS
Drive D: | 415,04 Gb Total Space | 285,79 Gb Free Space | 68,86% Space Free | Partition Type: NTFS
Drive E: | 418,82 Gb Total Space | 403,56 Gb Free Space | 96,36% Space Free | Partition Type: NTFS
Drive F: | 3,04 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 127,00 Gb Total Space | 126,91 Gb Free Space | 99,93% Space Free | Partition Type: NTFS
Drive H: | 127,00 Gb Total Space | 103,49 Gb Free Space | 81,49% Space Free | Partition Type: NTFS
Drive I: | 44,08 Gb Total Space | 40,61 Gb Free Space | 92,13% Space Free | Partition Type: NTFS
 
Computer Name: MATZE-PC | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{61A0AD38-9350-6C47-D72F-199B44DF7C90}" = ATI Catalyst Install Manager
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{997C9EC4-B53D-479D-81B7-0AEC8D174BA1}" = iTunes
"{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"DesktopIconAmazon" = Desktop Icon für Amazon
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.5 Build #5259 Banner Remover 1.0
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3A71BB59-9657-280F-BF32-8CDB7704DAAC}" = HydraVision
"{3B35725F-C623-4A1E-B5CC-99C0868679E3}" = Smart 6 B10.1221.1
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1216.1
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"DAEMON Tools Lite" = DAEMON Tools Lite
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B10.1216.1
"InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B10.1021.1
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Mozilla Firefox 6.0.1 (x86 de)" = Mozilla Firefox 6.0.1 (x86 de)
"Mozilla Thunderbird (6.0.1)" = Mozilla Thunderbird (6.0.1)
"NIS" = Norton Internet Security
"VLC media player" = VideoLAN VLC media player 0.8.6c
"Winamp" = Winamp
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.09.2011 14:26:46 | Computer Name = Matze-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.09.2011 11:25:39 | Computer Name = Matze-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.09.2011 13:33:34 | Computer Name = Matze-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 06.09.2011 13:33:34 | Computer Name = Matze-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.09.2011 11:03:04 | Computer Name = Matze-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.09.2011 16:12:40 | Computer Name = Matze-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.09.2011 16:16:37 | Computer Name = Matze-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Received from 192.168.1.2:5353   19 2.1.168.192.in-addr.arpa.
 PTR Matzes-iPod.local.
 
Error - 07.09.2011 16:16:37 | Computer Name = Matze-PC | Source = Bonjour Service | ID = 100
Description = mDNSCoreReceiveResponse: Unexpected conflict discarding   16 2.1.168.192.in-addr.arpa.
 PTR Matze-PC.local.
 
Error - 08.09.2011 16:17:16 | Computer Name = Matze-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.09.2011 16:27:45 | Computer Name = Matze-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 23.07.2011 08:57:14 | Computer Name = Matze-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 23.07.2011 09:33:05 | Computer Name = Matze-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 28.07.2011 09:50:33 | Computer Name = Matze-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%16405
 
Error - 28.07.2011 09:59:41 | Computer Name = Matze-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft XML Core Services 4.0 Service
 Pack 2 für x64-basierte Systeme (KB973688)
 
Error - 28.07.2011 10:04:10 | Computer Name = Matze-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7 für
 x64-basierte Systeme
 
Error - 28.07.2011 10:19:39 | Computer Name = Matze-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 28.07.2011 10:39:45 | Computer Name = Matze-PC | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "Start" aufgrund folgenden Fehlers
 fehlgeschlagen:   %%5
 
Error - 31.08.2011 12:52:27 | Computer Name = Matze-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Update" wurde nicht richtig gestartet.
 
Error - 03.09.2011 19:49:08 | Computer Name = Matze-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 06.09.2011 12:01:36 | Computer Name = Matze-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\Matze\AppData\Local\Temp\mbr.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
 
< End of report >
         

Alt 09.09.2011, 11:20   #14
kira
/// Helfer-Team
 



1.
Fix with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
[2011.06.24 05:39:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.04 22:45:29 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.06.24 05:39:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.04.12 11:19:49 | 000,000,122 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011.04.12 11:19:49 | 000,106,768 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{5dc64193-d64b-11e0-951d-1c6f65d92934}\Shell - "" = AutoRun
O33 - MountPoints2\{5dc64193-d64b-11e0-951d-1c6f65d92934}\Shell\AutoRun\command - "" = J:\Support\AutoRun\AutoRun.exe
O33 - MountPoints2\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Run.exe
[2011.09.03 19:00:52 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Local\Babylon
[2011.09.03 19:00:51 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Babylon
[2011.09.03 19:00:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.09.03 19:00:51 | 000,000,000 | ---D | M] -- C:\Users\Matze\AppData\Roaming\Babylon

:Commands
[purity]
[emptytemp]
         
  • and paste it in here:
  • Close all programs.
  • Click the Fix button.
  • Click on .
  • OTL asks for a restart. Please allow it.
  • After the restart you will find a text document.
    Copy its contents here into your thread.

2.
Clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for errors" → "Fix errors" → "Fix all"
  • Restart your system

3.
  • Download SUPERAntiSpyware FREE Edition.
  • Install the program and update it online.
  • Start SUPERAntiSpyware and click "Scan your computer"
  • Tick "Complete scan" and click "Next"
  • All malware found is then listed; tick every finding and confirm with "OK"
  • Click "Next", then "OK", then "Finish"
  • To display the results: click "Preferences", then "Statistics and logs"
  • Press "View log", then please save this report and post it here

4.
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. They must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). A very suitable and recommended way to do this is to check the data stored on the storage medium with the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the [Shift] key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running.) The AUTORUN function can also be switched off entirely. ►Instructions

-> Then run a complete system check with the Eset Online Scanner (NOD32) / free online scanner
Attention!: >>You should not install the antivirus security software, only scan your system online<<

► What is the current state of the computer? Anything unusual, any problems?
__________________

Warning!:
Be careful with invoices sent by e-mail with a ZIP file attached! They can be infected with an encryption trojan!
Do not open the attachment; ask in our forum first!

Back up your data regularly to CD/DVD, USB sticks or external hard drives, ideally twice in different places!
Please pass this warning on wherever you can!

Alt 10.09.2011, 09:38   #15
MacManus
 
Code:
Re 1:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. F:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15b80ee8-b52b-11e0-9cc8-806e6f6e6963}\ not found.
File move failed. F:\setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dc64193-d64b-11e0-951d-1c6f65d92934}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5dc64193-d64b-11e0-951d-1c6f65d92934}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5dc64193-d64b-11e0-951d-1c6f65d92934}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5dc64193-d64b-11e0-951d-1c6f65d92934}\ not found.
File J:\Support\AutoRun\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4d81df5-a7f4-11e0-8369-806e6f6e6963}\ not found.
File F:\Run.exe not found.
C:\Users\Matze\AppData\Local\Babylon\Setup\HtmlScreens folder moved successfully.
C:\Users\Matze\AppData\Local\Babylon\Setup folder moved successfully.
C:\Users\Matze\AppData\Local\Babylon folder moved successfully.
C:\Users\Matze\AppData\Roaming\Babylon folder moved successfully.
C:\ProgramData\Babylon folder moved successfully.
Folder C:\Users\Matze\AppData\Roaming\Babylon\ not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Matze
->Temp folder emptied: 4123700867 bytes
->Temporary Internet Files folder emptied: 30782171 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 80071886 bytes
->Flash cache emptied: 2505 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 24 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 54454314 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 638 bytes
RecycleBin emptied: 9550 bytes
 
Total Files Cleaned = 4.090,00 mb
 
 
OTL by OldTimer - Version 3.2.27.0 log created on 09102011_103229

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\setup.exe scheduled to be moved on reboot.
C:\Users\Matze\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Matze\AppData\Local\Mozilla\Firefox\Profiles\7bwcp5u1.default\Cache\_CACHE_001_ moved successfully.
C:\Users\Matze\AppData\Local\Mozilla\Firefox\Profiles\7bwcp5u1.default\Cache\_CACHE_002_ moved successfully.
C:\Users\Matze\AppData\Local\Mozilla\Firefox\Profiles\7bwcp5u1.default\Cache\_CACHE_003_ moved successfully.
C:\Users\Matze\AppData\Local\Mozilla\Firefox\Profiles\7bwcp5u1.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\Matze\AppData\Local\Mozilla\Firefox\Profiles\7bwcp5u1.default\urlclassifier3.sqlite moved successfully.
C:\Users\Matze\AppData\Local\Mozilla\Firefox\Profiles\7bwcp5u1.default\XUL.mfl moved successfully.
File move failed. C:\Windows\S78BED8B4.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...
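
Added example, not part of the original posts and not OTL's own code: a small Python triage of the fix-log format shown above, counting how often each target was deferred so that items which failed again in the reboot pass stand out. The sample lines are copied from the log above; the regular expressions are assumptions derived from those lines only, not an OTL specification.

```python
import re

# Sample input: a subset of lines copied from the OTL fix log in this thread.
SAMPLE_LOG = r"""========== OTL ==========
C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\setup.exe scheduled to be moved on reboot.
File F:\Run.exe not found.
C:\ProgramData\Babylon folder moved successfully.

Files\Folders moved on Reboot...
File move failed. F:\autorun.inf scheduled to be moved on reboot.
File move failed. F:\setup.exe scheduled to be moved on reboot.
C:\Users\Matze\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\S78BED8B4.tmp scheduled to be moved on reboot.

Registry entries deleted on Reboot...
"""

# Patterns inferred from the log lines above (assumption, not a format spec).
PENDING = re.compile(r"^File move failed\. (?P<path>.+) scheduled to be moved on reboot\.$")
DONE = re.compile(r"^(?:Registry key )?(?P<path>.+?)(?: folder)? (?:moved|deleted) successfully\.$")
MISSING = re.compile(r"^(?:File |Folder |Registry key )?(?P<path>.+) not found\.$")


def triage(log_text):
    """Classify each fix-log line as done, missing, or unresolved (with a retry count)."""
    done, missing, failed = [], [], {}
    for line in map(str.strip, log_text.splitlines()):
        if m := PENDING.match(line):
            # Each repeat means another pass could not move the file.
            failed[m["path"]] = failed.get(m["path"], 0) + 1
        elif m := DONE.match(line):
            done.append(m["path"])
            failed.pop(m["path"], None)  # deferred earlier, moved later: resolved
        elif m := MISSING.match(line):
            missing.append(m["path"])
    return {"done": done, "missing": missing, "unresolved": failed}


def repeat_failures(result):
    """Targets that failed in the first pass and again in the reboot pass."""
    return sorted(p for p, n in result["unresolved"].items() if n >= 2)


if __name__ == "__main__":
    for path in repeat_failures(triage(SAMPLE_LOG)):
        print("still present after reboot pass:", path)
```

In this log the two repeat failures are both on drive F:, whose autorun.inf the fix script tags as [ UDF ].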
         
