Log analysis and evaluation: Windows Firewall blocks incoming connections - detection of TR/Crypt.EPACK.Gen5 and JAVA/Agent.U
12.12.2011, 18:14 | #1

Hello everyone,

some time ago I started getting messages that the Windows Firewall was blocking incoming connections to certain system programs (including Explorer). In response, I started yesterday by scanning my system with HijackThis (the last time I was active here on the forum, that was still a standard tool) and found a suspicious file. A subsequent full scan with AntiVir returned several detections, mainly the ones named in the title. After moving them to quarantine, I searched the board here and skimmed the following threads:

http://www.trojaner-board.de/101674-...en5-virus.html
http://www.trojaner-board.de/90882-j...versch-tr.html

After that I ran scans with
- Malwarebytes Anti Malware
- OTL
- hjtscanlist
- ccleaner
- gmer

Unfortunately I am not familiar with evaluating the logs. The Windows Firewall messages stopped after the scan with AntiVir. Nevertheless, I would be very grateful if someone could help me evaluate the various logs (I don't really believe yet that AntiVir has solved everything).

Many thanks in advance

Edit: I still have a running Kubuntu installation on the machine, in case that helps with diagnosis / repair.

OTL log (the remaining logs are attached as a zip):

OTL Logfile:
Code:
OTL logfile created on: 11.12.2011 23:35:47 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tommy\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19154)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 1,90 Gb Available Physical Memory | 54,28% Memory free
5,38 Gb Paging File | 3,95 Gb Available in Paging File | 73,42% Paging File free
Paging file location(s): d:\pagefile.sys 2024 2024 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 50,01 Gb Total Space | 10,79 Gb Free Space | 21,57% Space Free | Partition Type: NTFS
Drive D: | 93,13 Gb Total Space | 19,10 Gb Free Space | 20,51% Space Free | Partition Type: NTFS

Computer Name: TMSL | User Name: Tommy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tommy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Progs\RMClock\RMClock.exe (NGO Science Center "RightMark")
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP2014MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\Nortel Networks\NvcRpcSvr.exe (Nortel Networks NA, Inc.)
PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)

========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Notepad++\NppShell_01.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()

========== Win32 Services (SafeList) ==========

SRV - (gupdate) Google Update Service (gupdate) -- File not found
SRV - (AESTFilters) -- File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (VWL) -- C:\Users\Tommy\AppData\Local\Temp\VWL.exe (Sysinternals - www.sysinternals.com)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (vmserverdWin32) -- C:\Program Files\VMware\VMware Server\vmserverdWin32.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Server\vmware-authd.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe (IDT, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (vmount2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (NvcRpcServer) -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe (Nortel Networks NA, Inc.)
SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.)
SRV - (matlabserver) -- C:\Progs\Matlab\webserver\bin\win32\matlabserver.exe ()

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (HssDrv) -- C:\Windows\System32\drivers\hssdrv.sys (AnchorFree Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Corporate Edition\kerneld.wnt ()
DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (UDXTTM6010) -- C:\Windows\System32\drivers\UDXTTM6010.sys ()
DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (vstor2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (Eacfilt) -- C:\Windows\System32\drivers\eacfilt.sys (Nortel Networks)
DRV - (IPSECSHM) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (IPSECEXT) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (RTCore32) -- C:\Progs\RMClock\RTCore32.sys ()
DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3
FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.6.7
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://www.adminvip.com/"
FF - prefs.js..network.proxy.http: "94.76.239.95"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks_version: 4

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Progs\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Progs\VLC\npvlc.dll (VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.14 10:03:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.12 07:51:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.15 07:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Progs\Thunderbird\components [2011.02.17 14:18:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Progs\Thunderbird\plugins [2011.09.15 07:57:49 | 000,000,000 | ---D | M]

[2011.02.17 14:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions
[2011.02.17 14:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.21 20:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions
[2010.04.29 20:02:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.20 20:25:01 | 000,000,000 | ---D | M] (Aero Fox Silver XL) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}
[2010.04.29 20:02:25 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f}
[2011.11.21 20:52:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.11.14 15:29:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.14 15:29:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.12.20 20:25:12 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com
[2010.12.20 20:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com\chrome
[2010.12.20 20:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com\defaults
[2010.12.20 20:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions
[2011.05.16 21:22:51 | 000,005,212 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\0w1774ub.default\searchplugins\ecosia.xml
[2011.02.18 23:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008.09.24 12:00:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}
[2010.04.19 15:19:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.02.04 09:09:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.02.18 23:51:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2008.06.17 22:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org
[2011.11.14 10:03:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\TOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W1774UB.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI
[2011.10.12 07:51:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.21 16:45:03 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2009.09.25 16:01:26 | 000,071,016 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsharedview.dll
[2011.10.12 07:51:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.12 07:51:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.12 07:51:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.12 07:51:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.12 07:51:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.12 07:51:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [RMClock] C:\Progs\RMClock\RMClockLauncher.exe (NGO Science Center "RightMark") O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner) O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Java Plug-in 1.5.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.11.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ACC3C84-F456-4F14-B5CE-7D7ACF0999E8}: DhcpNameServer = 192.168.11.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DA2D11-279B-43DE-ACE2-F1D3DD0A5D22}: NameServer = 10.90.24.1 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: D:\Daten\Apophysis\fairytreeback.jpg O24 - Desktop BackupWallPaper: D:\Daten\Apophysis\fairytreeback.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell - "" = AutoRun O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.11 22:47:23 | 000,584,192 | ---- | C] (OldTimer Tools) -- 
C:\Users\Tommy\Desktop\OTL.exe [2011.12.11 21:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.11 21:04:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.30 20:02:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Crayon Physics Deluxe [2011.11.30 19:58:03 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Crayon Physics Deluxe [2011.11.30 19:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crayon Physics Deluxe [2011.11.30 17:40:09 | 000,000,000 | ---D | C] -- C:\Users\Tommy\.KoalaNext [2011.11.30 16:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.11.30 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM [2011.11.14 10:04:31 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Local\DDMSettings [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.11 23:36:44 | 000,002,097 | ---- | M] () -- C:\Users\Tommy\Desktop\hjtscanlist.zip [2011.12.11 22:47:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tommy\Desktop\OTL.exe [2011.12.11 22:43:59 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.11 22:25:40 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.11 22:25:40 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.11 21:04:10 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.11 16:32:42 | 000,621,126 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.11 16:32:42 | 000,589,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.11 
16:32:42 | 000,123,858 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.11 16:32:42 | 000,102,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.11 16:26:08 | 000,175,225 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.12.11 16:26:08 | 000,175,225 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.12.11 16:25:53 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.11 16:25:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.11 16:24:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.12.11 16:09:50 | 000,113,677 | ---- | M] () -- C:\Users\Tommy\Desktop\icufa.7z [2011.12.11 15:43:35 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.12.07 17:23:24 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2011.12.07 17:02:49 | 000,097,128 | ---- | M] () -- C:\Users\Tommy\Desktop\testsofpcGR1.pdf [2011.11.30 17:34:29 | 000,011,992 | ---- | M] () -- C:\Users\Tommy\Desktop\koala.jnlp [2011.11.30 17:25:58 | 000,355,517 | ---- | M] () -- C:\Users\Tommy\Desktop\chaplin-dark-energy-stars.pdf [2011.11.30 16:29:58 | 000,131,729 | ---- | M] () -- C:\Users\Tommy\Desktop\isaacspdf.pdf [2011.11.21 20:21:14 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.11.14 16:13:15 | 000,073,728 | ---- | M] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.11 23:36:44 | 000,002,097 | ---- | C] () -- C:\Users\Tommy\Desktop\hjtscanlist.zip [2011.12.11 21:04:10 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.11 16:09:50 | 000,113,677 | ---- | C] () -- C:\Users\Tommy\Desktop\icufa.7z [2011.12.07 17:02:39 | 000,097,128 | ---- | C] () -- C:\Users\Tommy\Desktop\testsofpcGR1.pdf [2011.11.30 17:46:14 | 
000,011,992 | ---- | C] () -- C:\Users\Tommy\Desktop\koala.jnlp [2011.11.30 17:23:29 | 000,355,517 | ---- | C] () -- C:\Users\Tommy\Desktop\chaplin-dark-energy-stars.pdf [2011.11.30 16:29:58 | 000,131,729 | ---- | C] () -- C:\Users\Tommy\Desktop\isaacspdf.pdf [2011.07.05 19:25:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat [2011.05.22 10:21:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.04.01 15:07:09 | 000,000,269 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\rftg [2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2011.01.22 18:00:29 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2011.01.22 18:00:29 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2011.01.22 18:00:09 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2011.01.22 18:00:09 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2011.01.22 18:00:09 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2011.01.22 18:00:09 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2010.11.10 10:11:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010.11.10 10:11:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2010.10.17 18:36:59 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.09.16 19:27:47 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll [2010.09.16 19:27:47 | 000,031,744 | ---- | C] () -- C:\Windows\System32\maplec.dll [2010.09.16 19:27:47 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll [2010.02.23 12:07:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.26 08:58:01 | 000,000,078 | ---- | C] () -- C:\Windows\ricdb.ini [2010.01.20 18:10:59 | 000,007,497 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\gnuplot_history [2009.11.06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.10.30 
19:51:32 | 000,596,896 | ---- | C] () -- C:\Windows\System32\drivers\UDXTTM6010.sys [2009.10.18 18:39:23 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.09.02 10:47:27 | 000,000,000 | ---- | C] () -- C:\Windows\IMAGETOPDF.INI [2009.09.02 09:12:05 | 000,139,264 | ---- | C] () -- C:\Windows\gswin32c.exe [2009.06.08 17:26:48 | 000,000,313 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.06.08 17:04:01 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.06.08 17:04:01 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.27 08:00:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.27 08:00:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.27 07:59:40 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.05.08 22:10:05 | 000,023,888 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\UserTile.png [2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.10.30 10:49:34 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb [2008.10.16 17:51:49 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPMLVS.DLL [2008.10.01 13:05:16 | 000,000,157 | ---- | C] () -- C:\Windows\matlab.ini [2008.08.07 15:15:24 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat [2008.07.27 16:43:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.06.22 07:22:34 | 000,073,728 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.16 19:46:25 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2008.06.16 18:54:09 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.06.16 18:54:09 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2008.06.16 18:54:09 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2008.06.16 18:54:09 | 000,026,154 | 
---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.06.16 18:54:09 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2008.06.16 18:54:09 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2008.06.16 18:54:09 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2008.06.16 18:54:09 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2008.06.16 18:54:09 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2008.06.16 18:54:09 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2008.06.16 18:54:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2008.06.16 18:54:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2008.06.16 18:54:09 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2008.06.16 18:54:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2008.06.16 18:54:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2008.06.16 18:54:09 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2008.06.16 18:54:09 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2008.06.16 18:54:09 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2008.06.16 18:54:09 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.06.16 18:40:09 | 000,175,225 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.06.16 18:40:08 | 000,175,225 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.06.07 21:29:31 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI [2008.06.07 20:12:10 | 000,130,155 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\nvModes.001 [2008.06.07 19:58:39 | 000,130,155 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\nvModes.dat [2008.06.07 17:36:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2008.06.07 17:36:07 | 
000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2008.06.07 17:25:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.06.07 17:15:10 | 000,000,680 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat [2007.07.25 15:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll [2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 16:42:41 | 000,621,126 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:42:41 | 000,123,858 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:43 | 000,317,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,589,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,102,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000073.DLL [2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll < End of report >
Edited by Olorin (12.12.2011 at 18:18) Reason: may help with the diagnosis / repair |
13.12.2011, 13:05 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Are there any further logs from Malwarebytes? If so, please post all of the ones that are visible in Malwarebytes under the "Logdateien" (log files) tab.
13.12.2011, 22:08 | #3 |
| Hey,
I still have two QuickScan logs. (They don't tell me much, though.) Code:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8352

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19154

11.12.2011 21:10:14
mbam-log-2011-12-11 (21-10-14).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 161179
Laufzeit: 3 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6610

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

18.05.2011 20:41:56
mbam-log-2011-05-18 (20-41-56).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146105
Laufzeit: 3 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
ATTFilter $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ º º hjtscanlist v2.0 º º $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ Microsoft Windows [Version 6.0.6002] C: 11.12.2011 19:51 C:\System Volume Information --------- 20480 18.10.2011 15:42 C:\ProgramData --------- 12288 18.10.2011 15:42 C:\Program Files --------- 24576 14.07.2011 21:20 C:\Windows --------- 28672 23.03.2011 19:12 C:\Progs --------- 12288 14.01.2010 22:17 C:\Hotspot Shield --------- 0 18.10.2009 16:11 C:\Dell --------- 0 13.06.2009 17:24 C:\pagefile.sys --------- 4069675008 29.05.2009 08:49 C:\IO.SYS --------- 0 29.05.2009 08:49 C:\MSDOS.SYS --------- 0 27.05.2009 08:17 C:\Boot --------- 4096 12.04.2009 22:20 C:\.rnd --------- 1024 11.04.2009 07:36 C:\bootmgr --------- 333257 27.10.2008 18:37 C:\wubildr.mbr --------- 8192 27.10.2008 18:37 C:\wubildr --------- 192307 02.10.2008 17:43 C:\Application Data --------- 0 07.06.2008 18:11 C:\PerfLogs --------- 0 07.06.2008 18:05 C:\BOOTSECT.BAK --------- 8192 07.06.2008 17:20 C:\Intel --------- 0 07.06.2008 17:15 C:\$Recycle.Bin --------- 0 07.06.2008 17:15 C:\Users --------- 4096 07.06.2008 17:13 C:\Programme --------- 0 07.06.2008 17:13 C:\Dokumente und Einstellungen --------- 0 02.11.2006 14:02 C:\Documents and Settings --------- 0 18.09.2006 22:43 C:\config.sys --------- 10 18.09.2006 22:43 C:\autoexec.bat --------- 24 ---------------------------------------- C:\Windows 12.12.2011 17:02 C:\Windows\bootstat.dat --------- 67584 11.12.2011 23:41 C:\Windows\bthservsdp.dat --------- 12 12.12.2011 17:05 C:\Windows\WindowsUpdate.log --------- 1601077 14.11.2011 15:56 C:\Windows\setupact.log --------- 36373 18.10.2011 18:29 C:\Windows\PFRO.log --------- 126318 26.04.2011 08:57 C:\Windows\DirectX.log --------- 232662 26.04.2011 08:57 C:\Windows\DXError.log --------- 810 26.04.2011 08:56 C:\Windows\KB893803v2.log --------- 554 06.04.2011 07:00 C:\Windows\IE9_main.log --------- 2438 22.01.2011 17:39 C:\Windows\BB5E51A397ED16FD.log --------- 48 20.03.2010 13:36 
C:\Windows\win.ini --------- 191 27.01.2010 20:10 C:\Windows\setuperr.log --------- 0 26.01.2010 08:58 C:\Windows\ricdb.ini --------- 78 25.11.2009 15:04 C:\Windows\msxml4-KB973688-enu.LOG --------- 291736 06.11.2009 16:58 C:\Windows\boinc.scr --------- 803584 02.09.2009 10:47 C:\Windows\IMAGETOPDF.INI --------- 0 10.07.2009 12:10 C:\Windows\WLXPGSS.SCR --------- 307568 08.06.2009 17:29 C:\Windows\SIERRA.INI --------- 313 29.04.2009 07:56 C:\Windows\ie8_main.log --------- 2084 11.04.2009 07:27 C:\Windows\explorer.exe --------- 2926592 05.02.2009 06:28 C:\Windows\gswin32c.exe --------- 139264 14.11.2008 09:18 C:\Windows\msxml4-KB954430-enu.LOG --------- 281816 10.11.2008 23:14 C:\Windows\msxml4-KB936181-enu.LOG --------- 172576 16.10.2008 17:52 C:\Windows\DPINST.LOG --------- 18552 01.10.2008 13:18 C:\Windows\matlab.ini --------- 157 07.08.2008 15:15 C:\Windows\eReg.dat --------- 616 12.06.2008 00:07 C:\Windows\msxml4-KB941833-enu.LOG --------- 254788 07.06.2008 22:47 C:\Windows\BDPackLog.log --------- 87 07.06.2008 22:47 C:\Windows\MDLog.log --------- 157 07.06.2008 21:29 C:\Windows\oodcnt.INI --------- 0 07.06.2008 19:22 C:\Windows\ydi.log --------- 112924 07.06.2008 18:16 C:\Windows\WindowsShell.Manifest --------- 749 07.06.2008 18:15 C:\Windows\DtcInstall.log --------- 2257 07.06.2008 17:59 C:\Windows\SPInstall.etl --------- 196608 07.06.2008 17:36 C:\Windows\bcmwl.log --------- 15170 07.06.2008 17:09 C:\Windows\TSSysprep.log --------- 1313 06.06.2008 13:54 C:\Windows\UNRecode.exe --------- 972072 18.01.2008 22:33 C:\Windows\regedit.exe --------- 134656 18.01.2008 22:33 C:\Windows\notepad.exe --------- 151040 18.01.2008 22:33 C:\Windows\HelpPane.exe --------- 498176 18.01.2008 22:33 C:\Windows\fveupdate.exe --------- 13312 18.01.2008 22:33 C:\Windows\bfsvc.exe --------- 58880 22.02.2007 03:06 C:\Windows\DELL_VERSION --------- 32 02.11.2006 13:36 C:\Windows\WMSysPr9.prx --------- 316640 02.11.2006 13:35 C:\Windows\twunk_16.exe --------- 49680 02.11.2006 13:35 
C:\Windows\twunk_32.exe --------- 31232 02.11.2006 13:35 C:\Windows\twain_32.dll --------- 50688 02.11.2006 13:35 C:\Windows\twain.dll --------- 94784 02.11.2006 10:45 C:\Windows\winhlp32.exe --------- 9216 02.11.2006 10:45 C:\Windows\hh.exe --------- 14848 02.11.2006 08:46 C:\Windows\mib.bin --------- 43131 19.09.2006 12:41 C:\Windows\Business.xml --------- 4261 18.09.2006 22:46 C:\Windows\system.ini --------- 219 18.09.2006 22:43 C:\Windows\_default.pif --------- 707 18.09.2006 22:43 C:\Windows\winhelp.exe --------- 256192 18.09.2006 22:30 C:\Windows\msdfmap.ini --------- 1405 30.08.2005 20:36 C:\Windows\UNRecode.cfg --------- 50 17.03.2002 01:00 C:\Windows\UA000073.DLL --------- 7420 29.10.1998 15:45 C:\Windows\IsUninst.exe --------- 306688 21.10.1998 17:43 C:\Windows\IsUn0407.exe --------- 328704 01.10.1998 16:22 C:\Windows\uninst.exe --------- 299520 ---------------------------------------- C:\Windows\System 02.11.2006 13:35 C:\Windows\System\mciseq.drv --------- 25264 02.11.2006 13:35 C:\Windows\System\mciwave.drv --------- 28160 02.11.2006 13:35 C:\Windows\System\avifile.dll --------- 109456 02.11.2006 13:35 C:\Windows\System\mciavi.drv --------- 73376 02.11.2006 13:35 C:\Windows\System\avicap.dll --------- 69584 02.11.2006 13:35 C:\Windows\System\msvideo.dll --------- 126912 02.11.2006 08:10 C:\Windows\System\OLESVR.DLL --------- 24064 02.11.2006 08:10 C:\Windows\System\WFWNET.DRV --------- 12704 02.11.2006 08:10 C:\Windows\System\COMMDLG.DLL --------- 32816 02.11.2006 08:10 C:\Windows\System\TIMER.DRV --------- 4048 02.11.2006 08:10 C:\Windows\System\MMSYSTEM.DLL --------- 68992 02.11.2006 08:10 C:\Windows\System\mmtask.tsk --------- 1152 02.11.2006 08:10 C:\Windows\System\mouse.drv --------- 2032 02.11.2006 08:10 C:\Windows\System\vga.drv --------- 2176 02.11.2006 08:10 C:\Windows\System\sound.drv --------- 1744 02.11.2006 08:10 C:\Windows\System\keyboard.drv --------- 2000 02.11.2006 08:10 C:\Windows\System\SHELL.DLL --------- 5120 02.11.2006 08:10 
C:\Windows\System\system.drv --------- 3360 18.09.2006 22:43 C:\Windows\System\ver.dll --------- 9008 18.09.2006 22:43 C:\Windows\System\olecli.dll --------- 82944 18.09.2006 22:43 C:\Windows\System\lzexpand.dll --------- 9936 18.09.2006 22:35 C:\Windows\System\stdole.tlb --------- 5532 ---------------------------------------- C:\Windows\System32 12.12.2011 17:02 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 --------- 3648 12.12.2011 17:02 C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 --------- 3648 11.12.2011 23:34 C:\Windows\system32\drivers --------- 65536 11.12.2011 16:32 C:\Windows\system32\perfh009.dat --------- 589862 11.12.2011 16:32 C:\Windows\system32\perfc009.dat --------- 102460 11.12.2011 16:32 C:\Windows\system32\perfc007.dat --------- 123858 11.12.2011 16:32 C:\Windows\system32\perfh007.dat --------- 621126 11.12.2011 16:32 C:\Windows\system32\PerfStringBackup.INI --------- 1426730 07.12.2011 17:23 C:\Windows\system32\MpSigStub.exe --------- 222080 30.11.2011 16:44 C:\Windows\system32\Tasks --------- 12288 21.11.2011 20:21 C:\Windows\system32\FlashPlayerCPLApp.cpl --------- 414368 14.11.2011 15:25 C:\Windows\system32\catroot2 --------- 12288 12.11.2011 21:18 C:\Windows\system32\catroot --------- 4096 08.11.2011 22:11 C:\Windows\system32\mrt.exe --------- 50295240 21.10.2011 00:26 C:\Windows\system32\dpl100.dll --------- 94208 13.10.2011 07:18 C:\Windows\system32\FNTCACHE.DAT --------- 317984 12.10.2011 20:49 C:\Windows\system32\migration --------- 0 12.10.2011 20:49 C:\Windows\system32\de-DE --------- 204800 12.10.2011 16:12 C:\Windows\system32\directx --------- 0 01.10.2011 00:06 C:\Windows\system32\wininet.dll --------- 916480 01.10.2011 00:06 C:\Windows\system32\urlmon.dll --------- 1212416 01.10.2011 00:06 C:\Windows\system32\url.dll --------- 105984 01.10.2011 00:04 C:\Windows\system32\occache.dll --------- 206848 01.10.2011 00:03 
C:\Windows\system32\mstime.dll --------- 611840 01.10.2011 00:02 C:\Windows\system32\mshtml.dll --------- 5971456 01.10.2011 00:02 C:\Windows\system32\mshtmled.dll --------- 66560 01.10.2011 00:02 C:\Windows\system32\msfeedsbs.dll --------- 55296 01.10.2011 00:02 C:\Windows\system32\msfeeds.dll --------- 602112 01.10.2011 00:02 C:\Windows\system32\licmgr10.dll --------- 43520 01.10.2011 00:01 C:\Windows\system32\jsproxy.dll --------- 25600 01.10.2011 00:01 C:\Windows\system32\inetcpl.cpl --------- 1469440 01.10.2011 00:01 C:\Windows\system32\ieui.dll --------- 164352 01.10.2011 00:01 C:\Windows\system32\iesysprep.dll --------- 109056 01.10.2011 00:01 C:\Windows\system32\iertutil.dll --------- 2000384 01.10.2011 00:01 C:\Windows\system32\iesetup.dll --------- 71680 01.10.2011 00:01 C:\Windows\system32\iernonce.dll --------- 55808 01.10.2011 00:01 C:\Windows\system32\iepeers.dll --------- 184320 01.10.2011 00:01 C:\Windows\system32\ieframe.dll --------- 11081728 01.10.2011 00:01 C:\Windows\system32\iedkcs32.dll --------- 387584 30.09.2011 23:07 C:\Windows\system32\html.iec --------- 385024 30.09.2011 22:29 C:\Windows\system32\ieUnatt.exe --------- 133632 30.09.2011 22:29 C:\Windows\system32\ie4uinit.exe --------- 174080 30.09.2011 22:29 C:\Windows\system32\msfeedssync.exe --------- 13312 30.09.2011 22:28 C:\Windows\system32\mshtml.tlb --------- 1638912 06.09.2011 14:30 C:\Windows\system32\win32k.sys --------- 2043392 25.08.2011 17:15 C:\Windows\system32\UIAutomationCore.dll --------- 555520 25.08.2011 17:14 C:\Windows\system32\oleaut32.dll --------- 563712 25.08.2011 17:14 C:\Windows\system32\oleacc.dll --------- 238080 25.08.2011 14:31 C:\Windows\system32\oleaccrc.dll --------- 4096 29.07.2011 17:01 C:\Windows\system32\psisdecd.dll --------- 293376 29.07.2011 17:01 C:\Windows\system32\psisrndr.ax --------- 217088 29.07.2011 17:00 C:\Windows\system32\MSDvbNP.ax --------- 57856 29.07.2011 17:00 C:\Windows\system32\Mpeg2Data.ax --------- 69632 15.07.2011 14:13 
C:\Windows\system32\maestro-server.log --------- 40 11.07.2011 14:25 C:\Windows\system32\tzres.dll --------- 2048 05.07.2011 19:25 C:\Windows\system32\cd.dat --------- 0 03.07.2011 22:16 C:\Windows\system32\wbem --------- 61440 03.07.2011 22:15 C:\Windows\system32\pt-BR --------- 0 03.07.2011 22:15 C:\Windows\system32\bg-BG --------- 0 03.07.2011 22:15 C:\Windows\system32\it-IT --------- 0 03.07.2011 22:15 C:\Windows\system32\he-IL --------- 0 03.07.2011 22:15 C:\Windows\system32\pt-PT --------- 0 03.07.2011 22:15 C:\Windows\system32\pl-PL --------- 0 03.07.2011 22:15 C:\Windows\system32\uk-UA --------- 0 03.07.2011 22:15 C:\Windows\system32\ko-KR --------- 0 03.07.2011 22:15 C:\Windows\system32\hu-HU --------- 0 03.07.2011 22:15 C:\Windows\system32\hr-HR --------- 0 03.07.2011 22:15 C:\Windows\system32\sl-SI --------- 0 03.07.2011 22:15 C:\Windows\system32\zh-HK --------- 0 03.07.2011 22:15 C:\Windows\system32\el-GR --------- 0 03.07.2011 22:15 C:\Windows\system32\nl-NL --------- 0 03.07.2011 22:15 C:\Windows\system32\fr-FR --------- 0 03.07.2011 22:15 C:\Windows\system32\fi-FI --------- 0 03.07.2011 22:15 C:\Windows\system32\sr-Latn-CS --------- 0 03.07.2011 22:15 C:\Windows\system32\tr-TR --------- 0 03.07.2011 22:15 C:\Windows\system32\th-TH --------- 0 03.07.2011 22:15 C:\Windows\system32\sv-SE --------- 0 03.07.2011 22:15 C:\Windows\system32\es-ES --------- 0 03.07.2011 22:15 C:\Windows\system32\lv-LV --------- 0 03.07.2011 22:15 C:\Windows\system32\lt-LT --------- 0 03.07.2011 22:15 C:\Windows\system32\zh-TW --------- 0 03.07.2011 22:15 C:\Windows\system32\sk-SK --------- 0 03.07.2011 22:15 C:\Windows\system32\et-EE --------- 0 03.07.2011 22:15 C:\Windows\system32\cs-CZ --------- 0 03.07.2011 22:15 C:\Windows\system32\zh-CN --------- 0 03.07.2011 22:15 C:\Windows\system32\ja-JP --------- 0 03.07.2011 22:15 C:\Windows\system32\ar-SA --------- 0 03.07.2011 22:15 C:\Windows\system32\ro-RO --------- 0 03.07.2011 22:15 C:\Windows\system32\ru-RU --------- 0 
03.07.2011 22:15 C:\Windows\system32\nb-NO --------- 0 03.07.2011 22:15 C:\Windows\system32\da-DK --------- 0 03.07.2011 22:15 C:\Windows\system32\en-US --------- 8192 20.06.2011 09:54 C:\Windows\system32\ntkrnlpa.exe --------- 3602832 20.06.2011 09:54 C:\Windows\system32\ntoskrnl.exe --------- 3550096 17.06.2011 17:03 C:\Windows\system32\winsrv.dll --------- 375808 11.06.2011 00:58 C:\Windows\system32\mfcm100u.dll --------- 81744 11.06.2011 00:58 C:\Windows\system32\vcomp100.dll --------- 51024 11.06.2011 00:58 C:\Windows\system32\mfc100deu.dll --------- 64336 11.06.2011 00:58 C:\Windows\system32\mfc100cht.dll --------- 36176 11.06.2011 00:58 C:\Windows\system32\msvcr100.dll --------- 773968 ---------------------------------------- C:\Windows\Prefetch ---------------------------------------- C:\Windows\Tasks 12.12.2011 17:02 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job --------- 1090 12.12.2011 17:02 C:\Windows\Tasks\SA.DAT --------- 6 11.12.2011 23:41 C:\Windows\Tasks\SCHEDLGU.TXT --------- 32510 11.12.2011 22:43 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job --------- 1094 ---------------------------------------- C:\Windows\Temp 11.12.2011 15:54 C:\Windows\Temp\MpSigStub.log --------- 715158 11.12.2011 15:54 C:\Windows\Temp\11BBA8FFCBA786A43AC72355BA7713D4-Sigs --------- 0 18.10.2011 16:29 C:\Windows\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20111018_172921250.html --------- 78986 18.10.2011 16:29 C:\Windows\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20111018_172921250-Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-MSP0.txt --------- 396772 18.10.2011 16:29 C:\Windows\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.40219 --------- 0 18.10.2011 15:43 C:\Windows\Temp\AVSETUP_4e9d9023 --------- 0 16.10.2011 20:48 C:\Windows\Temp\AskSLib.dll --------- 246440 08.09.2011 18:00 C:\Windows\Temp\vminst.log --------- 2156651 15.06.2011 15:16 C:\Windows\Temp\dd_vcredistUI641B.txt --------- 14232 15.06.2011 15:16 
C:\Windows\Temp\dd_vcredistMSI641B.txt --------- 467470 21.05.2011 09:31 C:\Windows\Temp\FOR95D1.tmp --------- 1409 21.05.2011 09:31 C:\Windows\Temp\TTR95D0.tmp --------- 24292 21.05.2011 09:31 C:\Windows\Temp\FOR94F2.tmp --------- 1409 21.05.2011 09:31 C:\Windows\Temp\FOR9504.tmp --------- 1409 21.05.2011 09:31 C:\Windows\Temp\TTR9503.tmp --------- 19492 21.05.2011 09:31 C:\Windows\Temp\TTR94F1.tmp --------- 38860 21.05.2011 09:31 C:\Windows\Temp\FOR94D1.tmp --------- 1409 21.05.2011 09:31 C:\Windows\Temp\TTR94D0.tmp --------- 38136 16.05.2011 07:15 C:\Windows\Temp\TTR1E8D.tmp --------- 45128 16.05.2011 07:15 C:\Windows\Temp\FOR1E8E.tmp --------- 1409 16.05.2011 07:10 C:\Windows\Temp\FOR45E9.tmp --------- 1409 16.05.2011 07:10 C:\Windows\Temp\TTR45E8.tmp --------- 45128 16.05.2011 07:10 C:\Windows\Temp\FOR45E7.tmp --------- 1409 16.05.2011 07:10 C:\Windows\Temp\TTR45E6.tmp --------- 44268 29.04.2011 06:38 C:\Windows\Temp\FORB636.tmp --------- 1409 29.04.2011 06:38 C:\Windows\Temp\TTRB635.tmp --------- 45128 16.04.2011 11:20 C:\Windows\Temp\FOR8D88.tmp --------- 1409 16.04.2011 11:20 C:\Windows\Temp\TTR8D87.tmp --------- 44268 16.04.2011 11:20 C:\Windows\Temp\FOR8D86.tmp --------- 1409 16.04.2011 11:20 C:\Windows\Temp\TTR8D85.tmp --------- 45128 16.04.2011 11:19 C:\Windows\Temp\FORA048.tmp --------- 1409 16.04.2011 11:19 C:\Windows\Temp\TTRA047.tmp --------- 41004 16.04.2011 11:19 C:\Windows\Temp\FORA037.tmp --------- 1409 16.04.2011 11:19 C:\Windows\Temp\TTRA036.tmp --------- 39800 15.04.2011 21:23 C:\Windows\Temp\hss_update.exe --------- 3461104 13.04.2011 15:02 C:\Windows\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20110413_160213904.html --------- 94562 13.04.2011 15:02 C:\Windows\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_20110413_160213904-Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319-MSP0.txt --------- 305472 13.04.2011 15:02 C:\Windows\Temp\Microsoft Visual C++ 2010 x86 Redistributable 
Setup_20110413_160213904-MSI_vc_red.msi.txt --------- 380902 13.04.2011 15:02 C:\Windows\Temp\Microsoft Visual C++ 2010 x86 Redistributable Setup_10.0.30319 --------- 0 13.04.2011 15:01 C:\Windows\Temp\dd_vcredistUI1EC8.txt --------- 11688 13.04.2011 15:01 C:\Windows\Temp\dd_vcredistMSI1EC8.txt --------- 466388 13.01.2011 17:20 C:\Windows\Temp\FOR4EE6.tmp --------- 1409 13.01.2011 17:20 C:\Windows\Temp\TTR4EE5.tmp --------- 22220 13.01.2011 17:20 C:\Windows\Temp\FOR4ED4.tmp --------- 1409 13.01.2011 17:20 C:\Windows\Temp\TTR4ED3.tmp --------- 19552 01.10.2010 09:42 C:\Windows\Temp\Microsoft .NET Framework 3.5-KB2416473_20101001_084212083.html --------- 86648 01.10.2010 09:42 C:\Windows\Temp\Microsoft .NET Framework 3.5-KB2416473_20101001_084212083-Msi0.txt --------- 957962 01.10.2010 09:42 C:\Windows\Temp\dd_clwireg.txt --------- 4150 30.09.2010 16:41 C:\Windows\Temp\is7040.tmp --------- 0 30.09.2010 16:40 C:\Windows\Temp\isC8E.tmp --------- 0 30.09.2010 16:40 C:\Windows\Temp\._msige52 --------- 0 21.08.2010 08:21 C:\Windows\Temp\TTR61BE.tmp --------- 4464 21.08.2010 08:21 C:\Windows\Temp\FOR61BD.tmp --------- 1409 21.08.2010 08:21 C:\Windows\Temp\FOR61BF.tmp --------- 1409 21.08.2010 08:21 C:\Windows\Temp\TTR61AC.tmp --------- 4844 21.08.2010 08:21 C:\Windows\Temp\FOR6035.tmp --------- 1409 21.08.2010 08:21 C:\Windows\Temp\TTR6034.tmp --------- 14088 21.08.2010 08:21 C:\Windows\Temp\FOR6033.tmp --------- 1409 21.08.2010 08:21 C:\Windows\Temp\TTR6032.tmp --------- 4716 21.08.2010 08:21 C:\Windows\Temp\FOR6021.tmp --------- 1409 21.08.2010 08:21 C:\Windows\Temp\TTR6020.tmp --------- 7300 21.08.2010 08:21 C:\Windows\Temp\FOR601F.tmp --------- 1409 21.08.2010 08:21 C:\Windows\Temp\TTR601E.tmp --------- 4308 21.08.2010 08:21 C:\Windows\Temp\FOR601D.tmp --------- 1409 21.08.2010 08:21 C:\Windows\Temp\TTR601C.tmp --------- 5488 21.08.2010 08:21 C:\Windows\Temp\FOR600B.tmp --------- 1409 21.08.2010 08:21 C:\Windows\Temp\TTR600A.tmp --------- 20744 15.08.2010 13:22 
C:\Windows\Temp\FOR9B7C.tmp --------- 1409 15.08.2010 13:22 C:\Windows\Temp\TTR9B7B.tmp --------- 4632 15.08.2010 13:22 C:\Windows\Temp\FOR9B7A.tmp --------- 1409 15.08.2010 13:22 C:\Windows\Temp\TTR9B79.tmp --------- 4760 15.08.2010 13:22 C:\Windows\Temp\FOR99A4.tmp --------- 1409 15.08.2010 13:22 C:\Windows\Temp\TTR99A3.tmp --------- 4848 15.08.2010 13:22 C:\Windows\Temp\FOR99A2.tmp --------- 1409 15.08.2010 13:22 C:\Windows\Temp\TTR99A1.tmp --------- 5556 15.08.2010 13:22 C:\Windows\Temp\FOR98E5.tmp --------- 1409 15.08.2010 13:22 C:\Windows\Temp\TTR98E4.tmp --------- 4664 15.08.2010 13:22 C:\Windows\Temp\FOR98E3.tmp --------- 1409 15.08.2010 13:22 C:\Windows\Temp\TTR98E2.tmp --------- 8292 15.08.2010 13:22 C:\Windows\Temp\FOR98D2.tmp --------- 1409 15.08.2010 13:22 C:\Windows\Temp\TTR98D1.tmp --------- 6440 15.08.2010 13:22 C:\Windows\Temp\FOR98A1.tmp --------- 1409 15.08.2010 13:22 C:\Windows\Temp\TTR98A0.tmp --------- 7380 15.08.2010 13:22 C:\Windows\Temp\FOR989F.tmp --------- 1409 15.08.2010 13:22 C:\Windows\Temp\TTR988E.tmp --------- 7840 15.08.2010 13:22 C:\Windows\Temp\FOR988D.tmp --------- 1409 15.08.2010 13:22 C:\Windows\Temp\TTR988C.tmp --------- 10624 11.08.2010 14:42 C:\Windows\Temp\MSIfe993.LOG --------- 164876 20.07.2010 12:34 C:\Windows\Temp\FOR399F.tmp --------- 1409 20.07.2010 12:34 C:\Windows\Temp\TTR399E.tmp --------- 29108 20.07.2010 12:34 C:\Windows\Temp\FOR398D.tmp --------- 1409 20.07.2010 12:34 C:\Windows\Temp\TTR398C.tmp --------- 27488 20.07.2010 12:34 C:\Windows\Temp\FOR396C.tmp --------- 1409 20.07.2010 12:34 C:\Windows\Temp\TTR396B.tmp --------- 40028 03.07.2010 08:19 C:\Windows\Temp\FORABEC.tmp --------- 1409 03.07.2010 08:19 C:\Windows\Temp\TTRABEB.tmp --------- 7036 03.07.2010 08:19 C:\Windows\Temp\FORAA83.tmp --------- 1409 03.07.2010 08:19 C:\Windows\Temp\FORAA71.tmp --------- 1409 03.07.2010 08:19 C:\Windows\Temp\TTRAA82.tmp --------- 20428 03.07.2010 08:19 C:\Windows\Temp\FORAA60.tmp --------- 1409 03.07.2010 08:19 
C:\Windows\Temp\TTRAA70.tmp --------- 16540 03.07.2010 08:19 C:\Windows\Temp\TTRAA5F.tmp --------- 8460 03.07.2010 08:19 C:\Windows\Temp\FORAA1F.tmp --------- 1409 03.07.2010 08:19 C:\Windows\Temp\TTRAA0F.tmp --------- 4500 03.07.2010 08:19 C:\Windows\Temp\FORA9EF.tmp --------- 1409 03.07.2010 08:19 C:\Windows\Temp\TTRA9EE.tmp --------- 20888 03.07.2010 08:19 C:\Windows\Temp\FORA9CD.tmp --------- 1409 03.07.2010 08:19 C:\Windows\Temp\TTRA9CC.tmp --------- 7668 03.07.2010 08:19 C:\Windows\Temp\TTRA9CA.tmp --------- 25232 03.07.2010 08:19 C:\Windows\Temp\FORA9BA.tmp --------- 1409 03.07.2010 08:19 C:\Windows\Temp\FORA9CB.tmp --------- 1409 03.07.2010 08:19 C:\Windows\Temp\TTRA9B9.tmp --------- 12712 03.07.2010 08:19 C:\Windows\Temp\FORA989.tmp --------- 1409 03.07.2010 08:19 C:\Windows\Temp\TTRA988.tmp --------- 10500 24.06.2010 09:54 C:\Windows\Temp\FORAF15.tmp --------- 1409 24.06.2010 09:54 C:\Windows\Temp\TTRAF06.tmp --------- 4588 24.06.2010 09:54 C:\Windows\Temp\FORAE87.tmp --------- 1409 24.06.2010 09:54 C:\Windows\Temp\TTRAE86.tmp --------- 5644 24.06.2010 09:54 C:\Windows\Temp\FORAE56.tmp --------- 1409 24.06.2010 09:54 C:\Windows\Temp\FORAE45.tmp --------- 1409 24.06.2010 09:54 C:\Windows\Temp\TTRAE55.tmp --------- 14080 24.06.2010 09:54 C:\Windows\Temp\TTRAE44.tmp --------- 9676 24.06.2010 09:54 C:\Windows\Temp\TTRAE42.tmp --------- 6780 24.06.2010 09:54 C:\Windows\Temp\FORAE43.tmp --------- 1409 24.06.2010 09:54 C:\Windows\Temp\FORAE10.tmp --------- 1409 24.06.2010 09:54 C:\Windows\Temp\TTRAE11.tmp --------- 4832 24.06.2010 09:54 C:\Windows\Temp\FORAE12.tmp --------- 1409 24.06.2010 09:54 C:\Windows\Temp\TTRAE0F.tmp --------- 5528 24.06.2010 09:54 C:\Windows\Temp\FORAB21.tmp --------- 1409 24.06.2010 09:54 C:\Windows\Temp\TTRAB20.tmp --------- 4912 24.06.2010 09:54 C:\Windows\Temp\TTRAB0E.tmp --------- 12280 24.06.2010 09:54 C:\Windows\Temp\FORAB0F.tmp --------- 1409 24.06.2010 09:54 C:\Windows\Temp\FORAAA0.tmp --------- 1409 24.06.2010 09:54 
--------- 0 16.10.2008 17:52 C:\Program Files\Marvell-HP --------- 0 16.10.2008 17:51 C:\Program Files\Hewlett-Packard --------- 0 20.06.2008 11:56 C:\Program Files\QuickTime --------- 4096 17.06.2008 22:08 C:\Program Files\Nortel Networks --------- 4096 15.06.2008 21:28 C:\Program Files\Acronis --------- 0 12.06.2008 21:24 C:\Program Files\MiKTeX 2.7 --------- 4096 08.06.2008 18:43 C:\Program Files\MSXML 4.0 --------- 0 07.06.2008 22:47 C:\Program Files\Microsoft Office --------- 0 07.06.2008 22:46 C:\Program Files\CyberLink --------- 0 07.06.2008 19:22 C:\Program Files\Marvell --------- 0 07.06.2008 19:19 C:\Program Files\Intel --------- 0 07.06.2008 18:16 C:\Program Files\desktop.ini --------- 174 07.06.2008 17:39 C:\Program Files\DellTPad --------- 4096 07.06.2008 17:33 C:\Program Files\Protector Suite QL --------- 12288 07.06.2008 17:13 C:\Program Files\Windows NT --------- 4096 07.06.2008 17:13 C:\Program Files\Gemeinsame Dateien --------- 0 02.11.2006 14:01 C:\Program Files\Uninstall Information --------- 0 02.11.2006 13:37 C:\Program Files\MSBuild --------- 0 02.11.2006 13:37 C:\Program Files\Reference Assemblies --------- 0 ---------------------------------------- C:\ProgramData\.. Tommy Public Default desktop.ini Default User All Users ---------------------------------------- C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ---------------------------------------- Abbildname PID Sitzungsname Sitz.-Nr. 
Speichernutzung ========================= ======== ================ =========== =============== System Idle Process 0 Services 0 24 K System 4 Services 0 2.972 K smss.exe 536 Services 0 792 K csrss.exe 604 Services 0 5.252 K wininit.exe 660 Services 0 4.164 K csrss.exe 668 Console 1 13.204 K services.exe 704 Services 0 6.748 K lsass.exe 728 Services 0 9.968 K lsm.exe 736 Services 0 4.076 K winlogon.exe 764 Console 1 5.520 K svchost.exe 948 Services 0 6.648 K nvvsvc.exe 1000 Services 0 4.236 K svchost.exe 1028 Services 0 6.020 K svchost.exe 1064 Services 0 32.820 K svchost.exe 1156 Services 0 10.492 K svchost.exe 1196 Services 0 68.336 K svchost.exe 1236 Services 0 298.356 K audiodg.exe 1364 Services 0 13.940 K svchost.exe 1488 Services 0 4.640 K SLsvc.exe 1528 Services 0 11.268 K nvvsvc.exe 1572 Console 1 8.516 K svchost.exe 1612 Services 0 12.284 K upeksvr.exe 1724 Console 1 10.756 K svchost.exe 1744 Services 0 16.044 K WLTRYSVC.EXE 1972 Services 0 2.752 K BCMWLTRY.EXE 1992 Services 0 18.032 K spoolsv.exe 308 Services 0 10.988 K wlanext.exe 388 Services 0 17.972 K sched.exe 408 Services 0 632 K svchost.exe 480 Services 0 19.684 K armsvc.exe 1980 Services 0 3.476 K avguard.exe 1984 Services 0 34.440 K svchost.exe 1752 Services 0 3.368 K DevSvc.exe 1924 Services 0 9.192 K EvtEng.exe 376 Services 0 15.852 K openvpnas.exe 652 Services 0 5.240 K hsssrv.exe 2056 Services 0 6.548 K hsswd.exe 2228 Services 0 5.580 K LSSrvc.exe 2268 Services 0 3.444 K NvcRpcSvr.exe 2308 Services 0 3.384 K RegSrvc.exe 2336 Services 0 4.252 K svchost.exe 2388 Services 0 6.412 K avshadow.exe 3044 Services 0 5.820 K taskeng.exe 3528 Services 0 5.732 K dwm.exe 3592 Console 1 3.568 K taskeng.exe 3620 Console 1 11.468 K explorer.exe 3640 Console 1 43.432 K HP2014MC.EXE 3832 Services 0 3.352 K MSASCui.exe 4060 Console 1 9.332 K WLTRAY.EXE 4084 Console 1 15.060 K Apoint.exe 4092 Console 1 6.024 K sttray.exe 2064 Console 1 12.004 K avgnt.exe 2512 Console 1 4.776 K psqltray.exe 2672 Console 1 13.616 
K ApMsgFwd.exe 3332 Console 1 2.856 K hidfind.exe 1420 Console 1 3.404 K wmpnscfg.exe 3424 Console 1 5.116 K ApntEx.exe 2948 Console 1 3.856 K RMClock.exe 3452 Console 1 11.424 K opera.exe 1908 Console 1 227.264 K WmiPrvSE.exe 3712 Services 0 8.820 K cmd.exe 1664 Console 1 2.976 K conime.exe 944 Console 1 3.384 K TrustedInstaller.exe 3908 Services 0 8.440 K tasklist.exe 3784 Console 1 4.680 K ***** Ende des Scans 12.12.2011 um 17:06:14,74 *** |
14.12.2011, 11:23 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall blocks incoming connections - detection of TR/Crypt.EPACK.Gen5 and JAVA/Agent.U Please don't just post random logs! I didn't ask for HJTScanlist! Please run ESET as well, then we'll see what comes next: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
14.12.2011, 22:36 | #5 |
| Windows Firewall blocks incoming connections - detection of TR/Crypt.EPACK.Gen5 and JAVA/Agent.U Hi, here is the log: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7bdb92cc7209bd469c31c94e6831e91b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-14 09:14:57
# local_time=2011-12-14 10:14:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 4942323 4942323 0 0
# compatibility_mode=5892 16776573 100 100 4545 161423947 0 0
# compatibility_mode=8192 67108863 100 0 4017 4017 0 0
# scanned=329404
# found=4
# cleaned=0
# scan_time=6052
C:\Program Files\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (unable to clean) 00000000000000000000000000000000 I
C:\Progs\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Tommy\Desktop\icufa.7z Win32/Spy.Zbot.YW trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Temp\hss_update.exe a variant of Win32/HotSpotShield application (unable to clean) 00000000000000000000000000000000 I

- Regarding HSS: I use it, and I installed it myself. I don't really know why it is in two places. I also uploaded the files to virustotal again - there were 1 and 2 hits out of 42, respectively. Best regards and many thanks |
15.12.2011, 11:17 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall blocks incoming connections - detection of TR/Crypt.EPACK.Gen5 and JAVA/Agent.U CustomScan with OTL If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
15.12.2011, 13:06 | #7 |
| Windows Firewall blocks incoming connections - detection of TR/Crypt.EPACK.Gen5 and JAVA/Agent.U OTL Logfile: Code:
ATTFilter OTL logfile created on: 15.12.2011 12:17:16 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tommy\Desktop\otl Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19170) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 72,01% Memory free 5,36 Gb Paging File | 4,49 Gb Available in Paging File | 83,73% Paging File free Paging file location(s): d:\pagefile.sys 2024 2024 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 50,01 Gb Total Space | 10,40 Gb Free Space | 20,79% Space Free | Partition Type: NTFS Drive D: | 93,13 Gb Total Space | 19,55 Gb Free Space | 20,99% Space Free | Partition Type: NTFS Computer Name: TMSL | User Name: Tommy | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Tommy\Desktop\otl\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe () PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) 
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Windows\System32\spool\drivers\w32x86\3\HP2014MC.EXE (Software 2000 Limited) PRC - C:\Program Files\Nortel Networks\NvcRpcSvr.exe (Nortel Networks NA, Inc.) PRC - C:\Program Files\Protector Suite QL\upeksvr.exe (UPEK Inc.) PRC - C:\Program Files\Protector Suite QL\psqltray.exe (UPEK Inc.) PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll () MOD - C:\Windows\System32\bcmwlrmt.dll () ========== Win32 Services (SafeList) ========== SRV - (gupdate) Google Update Service (gupdate) -- File not found SRV - (AESTFilters) -- File not found SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. 
KG) SRV - (VWL) -- C:\Users\Tommy\AppData\Local\Temp\VWL.exe (Sysinternals - www.sysinternals.com) SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe () SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe () SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.) SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe () SRV - (vmserverdWin32) -- C:\Program Files\VMware\VMware Server\vmserverdWin32.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Server\vmware-authd.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.) SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.) SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_2ba5baa4\stacsv.exe (IDT, Inc.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (vmount2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.) SRV - (NvcRpcServer) -- C:\Program Files\Nortel Networks\NvcRpcSvr.exe (Nortel Networks NA, Inc.) SRV - (Capture Device Service) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe (InterVideo Inc.) SRV - (matlabserver) -- C:\Progs\Matlab\webserver\bin\win32\matlabserver.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (HssDrv) -- C:\Windows\System32\drivers\hssdrv.sys (AnchorFree Inc.) 
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (EverestDriver) -- C:\Program Files\Lavalys\EVEREST Corporate Edition\kerneld.wnt () DRV - (cpuz132) -- C:\Windows\System32\drivers\cpuz132_x32.sys (Windows (R) Codename Longhorn DDK provider) DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.) DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.) DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.) DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.) DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.) DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.) DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis) DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis) DRV - (UDXTTM6010) -- C:\Windows\System32\drivers\UDXTTM6010.sys () DRV - (tapvpn) -- C:\Windows\System32\drivers\tapvpn.sys (The OpenVPN Project) DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.) DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation) DRV - (vstor2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.) DRV - (Eacfilt) -- C:\Windows\System32\drivers\eacfilt.sys (Nortel Networks) DRV - (IPSECSHM) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.) DRV - (IPSECEXT) -- C:\Windows\System32\drivers\ipsecw2k.sys (Nortel Networks NA, Inc.) 
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (ASPI) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {d04b0b40-3dab-4f0b-97a6-04ec3eddbfb0}:2.0.5 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}:5.0.16 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {9815d32d-08c2-42ca-a8c6-43e501a4512f}:0.3.3 FF - prefs.js..extensions.enabledItems: extension@virtusdesigns.com:3.6.7 FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323 FF - prefs.js..extensions.enabledItems: {5c876f30-10ce-11dd-bd0b-0800200c9a66}:3.6.7 FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties" FF - 
prefs.js..network.proxy.autoconfig_url: "hxxp://www.adminvip.com/" FF - prefs.js..network.proxy.http: "94.76.239.95" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.socks_version: 4 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Progs\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc;version=0.8.6h: C:\Progs\VLC\npvlc.dll (VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.14 10:03:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.12 07:51:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.15 07:57:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Progs\Thunderbird\components [2011.02.17 14:18:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Progs\Thunderbird\plugins [2011.09.15 07:57:49 | 000,000,000 | ---D | M] [2011.02.17 14:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions [2011.02.17 14:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.11.21 20:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions [2010.04.29 20:02:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.12.20 20:25:01 | 000,000,000 | ---D | M] (Aero Fox Silver XL) -- 
C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66} [2010.04.29 20:02:25 | 000,000,000 | ---D | M] (Tor-Proxy.NET Toolbar) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{9815d32d-08c2-42ca-a8c6-43e501a4512f} [2011.11.21 20:52:17 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.11.14 15:29:35 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2011.11.14 15:29:37 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.12.20 20:25:12 | 000,000,000 | ---D | M] (Virtus Search Opt-in) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com [2010.12.20 20:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com\chrome [2010.12.20 20:25:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\extension@virtusdesigns.com\defaults [2010.12.20 20:25:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tommy\AppData\Roaming\mozilla\Firefox\Profiles\0w1774ub.default\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions [2011.05.16 21:22:51 | 000,005,212 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\0w1774ub.default\searchplugins\ecosia.xml [2011.02.18 23:51:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2008.09.24 12:00:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program 
Files\Mozilla Firefox\extensions\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} [2010.04.19 15:19:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.02.04 09:09:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.02.18 23:51:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2008.06.17 22:28:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\inspector@mozilla.org [2011.11.14 10:03:32 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 () (No name found) -- C:\USERS\TOMMY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0W1774UB.DEFAULT\EXTENSIONS\{D04B0B40-3DAB-4F0B-97A6-04EC3EDDBFB0}.XPI [2011.10.12 07:51:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.10.21 16:45:03 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2009.09.25 16:01:26 | 000,071,016 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npsharedview.dll [2011.10.12 07:51:16 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.12 07:51:16 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.12 07:51:16 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.12 07:51:16 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.10.12 07:51:16 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.12 07:51:16 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [RMClock] C:\Progs\RMClock\RMClockLauncher.exe (NGO Science Center "RightMark") O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: microsoft.com ([www.update] http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} hxxp://support.euro.dell.com/systemprofiler/DellSystemLite.CAB (DellSystemLite.Scanner) O16 - DPF: {CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab (Java Plug-in 1.5.0_16) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 141.2.22.74 141.2.149.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5ACC3C84-F456-4F14-B5CE-7D7ACF0999E8}: DhcpNameServer = 141.2.22.74 141.2.149.10 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C5DA2D11-279B-43DE-ACE2-F1D3DD0A5D22}: NameServer = 10.90.24.1 O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) O24 - Desktop WallPaper: D:\Daten\Apophysis\fairytreeback.jpg O24 - Desktop BackupWallPaper: D:\Daten\Apophysis\fairytreeback.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell - "" = AutoRun O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: 
LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - File not found MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - File not found MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: NvMediaCenter - hkey= - key= - File not found MsConfig - StartUpReg: OODefragTray - hkey= - key= - File not found MsConfig - StartUpReg: PCMService - hkey= - key= - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: 
{4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx 
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {9C450606-ED24-4958-92BA-B8940C99D441} - C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.dvacm - C:\Program Files\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.) 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation) Drivers32: msacm.mpegacm - C:\Program Files\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.) Drivers32: msacm.ulmp3acm - C:\Program Files\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L) Drivers32: vidc.uldx - C:\Progs\Ulead DVD MOVIEFACTORY6\Ulead DVD MovieFactory 6\DivX_ul.dll (DivXNetworks, Inc.) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.12.14 20:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.12.14 20:26:30 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Tommy\Desktop\esetsmartinstaller_enu.exe [2011.12.12 22:11:20 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\otl [2011.12.12 17:11:12 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.12.12 17:04:54 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Desktop\hjtscanlist [2011.12.11 21:04:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.12.11 21:04:06 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.30 20:02:22 | 000,000,000 | ---D | C] -- C:\Users\Tommy\Documents\Crayon Physics Deluxe [2011.11.30 19:58:03 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Crayon Physics Deluxe [2011.11.30 19:58:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Crayon Physics Deluxe [2011.11.30 17:40:09 | 000,000,000 | ---D | C] -- C:\Users\Tommy\.KoalaNext [2011.11.30 16:44:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.11.30 11:34:23 | 000,000,000 | ---D | C] -- C:\Users\Tommy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Miranda IM [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.12.15 12:18:34 | 000,621,126 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.12.15 12:18:34 | 000,589,862 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.12.15 12:18:34 | 000,123,858 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.12.15 12:18:34 | 000,102,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.12.15 12:13:08 | 000,175,225 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.12.15 12:13:08 | 000,175,225 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.12.15 12:12:44 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.15 12:12:08 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.15 12:12:07 | 000,003,648 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.15 12:11:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.14 22:38:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.12.14 21:44:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.12.14 20:26:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Tommy\Desktop\esetsmartinstaller_enu.exe [2011.12.14 20:18:09 | 000,317,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.12.12 18:12:30 | 000,046,563 | ---- | M] () -- C:\Users\Tommy\Desktop\Logs.zip [2011.12.12 17:21:48 | 000,302,592 | ---- | M] () -- C:\Users\Tommy\Desktop\6iztf7qt.exe 
[2011.12.12 17:16:51 | 000,000,020 | ---- | M] () -- C:\Users\Tommy\defogger_reenable [2011.12.12 17:15:23 | 000,050,477 | ---- | M] () -- C:\Users\Tommy\Desktop\Defogger.exe [2011.12.11 21:04:10 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.11 16:09:50 | 000,113,677 | ---- | M] () -- C:\Users\Tommy\Desktop\icufa.7z [2011.12.11 15:43:35 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.12.07 17:02:49 | 000,097,128 | ---- | M] () -- C:\Users\Tommy\Desktop\testsofpcGR1.pdf [2011.11.30 17:34:29 | 000,011,992 | ---- | M] () -- C:\Users\Tommy\Desktop\koala.jnlp [2011.11.30 17:25:58 | 000,355,517 | ---- | M] () -- C:\Users\Tommy\Desktop\chaplin-dark-energy-stars.pdf [2011.11.30 16:29:58 | 000,131,729 | ---- | M] () -- C:\Users\Tommy\Desktop\isaacspdf.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.12.12 20:26:33 | 000,116,224 | ---- | C] () -- C:\Users\Tommy\Desktop\pdfcmnnt.dll [2011.12.12 18:12:30 | 000,046,563 | ---- | C] () -- C:\Users\Tommy\Desktop\Logs.zip [2011.12.12 17:21:48 | 000,302,592 | ---- | C] () -- C:\Users\Tommy\Desktop\6iztf7qt.exe [2011.12.12 17:16:41 | 000,000,020 | ---- | C] () -- C:\Users\Tommy\defogger_reenable [2011.12.12 17:15:23 | 000,050,477 | ---- | C] () -- C:\Users\Tommy\Desktop\Defogger.exe [2011.12.11 21:04:10 | 000,000,866 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.12.11 16:09:50 | 000,113,677 | ---- | C] () -- C:\Users\Tommy\Desktop\icufa.7z [2011.12.07 17:02:39 | 000,097,128 | ---- | C] () -- C:\Users\Tommy\Desktop\testsofpcGR1.pdf [2011.11.30 17:46:14 | 000,011,992 | ---- | C] () -- C:\Users\Tommy\Desktop\koala.jnlp [2011.11.30 17:23:29 | 000,355,517 | ---- | C] () -- C:\Users\Tommy\Desktop\chaplin-dark-energy-stars.pdf [2011.11.30 16:29:58 | 000,131,729 | ---- | C] () -- C:\Users\Tommy\Desktop\isaacspdf.pdf [2011.07.05 19:25:53 | 000,000,000 | ---- 
| C] () -- C:\Windows\System32\cd.dat [2011.05.22 10:21:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2011.04.01 15:07:09 | 000,000,269 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\rftg [2011.02.11 22:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2011.01.22 18:00:29 | 000,210,456 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll [2011.01.22 18:00:29 | 000,194,072 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll [2011.01.22 18:00:09 | 000,206,360 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll [2011.01.22 18:00:09 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll [2011.01.22 18:00:09 | 000,198,168 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll [2011.01.22 18:00:09 | 000,026,136 | ---- | C] () -- C:\Windows\System32\IVIresize.dll [2010.11.10 10:11:33 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2010.11.10 10:11:33 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2010.10.17 18:36:59 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.09.16 19:27:47 | 000,212,992 | ---- | C] () -- C:\Windows\System32\WMIMPLEX.dll [2010.09.16 19:27:47 | 000,031,744 | ---- | C] () -- C:\Windows\System32\maplec.dll [2010.09.16 19:27:47 | 000,020,480 | ---- | C] () -- C:\Windows\System32\maplecompat.dll [2010.02.23 12:07:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.26 08:58:01 | 000,000,078 | ---- | C] () -- C:\Windows\ricdb.ini [2010.01.20 18:10:59 | 000,007,497 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\gnuplot_history [2009.11.06 09:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.10.30 19:51:32 | 000,596,896 | ---- | C] () -- C:\Windows\System32\drivers\UDXTTM6010.sys [2009.10.18 18:39:23 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.09.02 10:47:27 | 000,000,000 | ---- | C] () -- C:\Windows\IMAGETOPDF.INI [2009.09.02 09:12:05 | 000,139,264 | ---- | C] () -- 
C:\Windows\gswin32c.exe [2009.06.08 17:26:48 | 000,000,313 | ---- | C] () -- C:\Windows\SIERRA.INI [2009.06.08 17:04:01 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2009.06.08 17:04:01 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.05.27 08:00:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.05.27 08:00:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.05.27 07:59:40 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2009.05.08 22:10:05 | 000,023,888 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\UserTile.png [2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2008.10.30 10:49:34 | 000,000,022 | ---- | C] () -- C:\ProgramData\8f01a90e-7eb3-48d3-93b1-50d88fd146fb [2008.10.16 17:51:49 | 000,065,536 | ---- | C] () -- C:\Windows\System32\HPPMLVS.DLL [2008.10.01 13:05:16 | 000,000,157 | ---- | C] () -- C:\Windows\matlab.ini [2008.08.07 15:15:24 | 000,000,616 | ---- | C] () -- C:\Windows\eReg.dat [2008.07.27 16:43:12 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.06.22 07:22:34 | 000,073,728 | ---- | C] () -- C:\Users\Tommy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.06.16 19:46:25 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2008.06.16 18:54:09 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2008.06.16 18:54:09 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2008.06.16 18:54:09 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2008.06.16 18:54:09 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2008.06.16 18:54:09 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2008.06.16 18:54:09 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2008.06.16 18:54:09 | 000,020,148 | ---- | C] () -- 
C:\Windows\System32\EPPICPattern2.dat [2008.06.16 18:54:09 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2008.06.16 18:54:09 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2008.06.16 18:54:09 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2008.06.16 18:54:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2008.06.16 18:54:09 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2008.06.16 18:54:09 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2008.06.16 18:54:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2008.06.16 18:54:09 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2008.06.16 18:54:09 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2008.06.16 18:54:09 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2008.06.16 18:54:09 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2008.06.16 18:54:09 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2008.06.16 18:40:09 | 000,175,225 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.06.16 18:40:08 | 000,175,225 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.06.07 21:29:31 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI [2008.06.07 20:12:10 | 000,130,155 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\nvModes.001 [2008.06.07 19:58:39 | 000,130,155 | ---- | C] () -- C:\Users\Tommy\AppData\Roaming\nvModes.dat [2008.06.07 17:36:08 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll [2008.06.07 17:36:07 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE [2008.06.07 17:25:51 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2008.06.07 17:15:10 | 000,000,680 | ---- | C] () -- C:\Users\Tommy\AppData\Local\d3d9caps.dat [2007.07.25 15:40:02 | 000,999,424 | ---- | C] () 
-- C:\Windows\System32\WLIHVUI.dll [2006.11.03 16:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll [2006.11.02 16:42:41 | 000,621,126 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2006.11.02 16:42:41 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2006.11.02 16:42:41 | 000,123,858 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2006.11.02 16:42:41 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:43 | 000,317,984 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 11:33:01 | 000,589,862 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,102,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2002.03.17 01:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000073.DLL [2001.11.14 11:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll ========== LOP Check ========== [2011.05.16 16:52:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\.minecraft [2010.06.09 08:27:02 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Auslogics [2010.03.20 14:51:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ChessBase [2011.11.30 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Crayon Physics Deluxe [2008.07.31 20:51:43 | 000,000,000 | ---D | M] -- 
C:\Users\Tommy\AppData\Roaming\DAEMON Tools [2009.04.12 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DeepBurner [2011.03.06 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\elsterformular [2011.11.30 21:52:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\foobar2000 [2010.10.21 16:46:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Foxit Software [2011.06.19 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\gtk-2.0 [2011.02.17 13:09:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\HLSW [2009.09.02 10:22:20 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Inkscape [2011.03.13 18:26:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LolClient [2010.08.25 12:39:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Miranda [2010.02.10 18:14:35 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Notepad++ [2010.06.07 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Octoshape [2008.12.18 18:47:06 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org [2008.06.07 21:17:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Opera [2008.11.12 15:28:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OriginLab [2009.05.08 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PeerNetworking [2009.09.02 09:52:06 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PStill [2011.03.23 21:40:44 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\RapidSolution [2010.10.23 20:18:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\RayV [2011.05.25 20:36:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Spotify [2010.08.30 18:45:13 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Stardock [2010.05.08 20:04:13 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TeamViewer [2009.10.30 19:57:01 | 000,000,000 | ---D 
| M] -- C:\Users\Tommy\AppData\Roaming\TerraTec [2011.02.17 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Thunderbird [2008.10.18 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TMP [2011.07.03 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TS3Client [2009.05.26 08:59:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TuneUp Software [2011.01.22 18:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Ulead Systems [2009.12.10 18:27:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Wizards of the Coast [2009.08.20 09:48:32 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Wuala [2010.10.22 17:02:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\XnView [2011.12.14 22:38:11 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2011.05.16 16:52:57 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\.minecraft [2011.07.15 14:20:59 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Adobe [2010.06.09 08:27:02 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Auslogics [2011.10.18 15:42:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Avira [2010.03.20 14:51:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\ChessBase [2011.04.18 07:43:51 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\codeblocks [2011.11.30 20:58:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Crayon Physics Deluxe [2008.08.17 13:05:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\CyberLink [2008.07.31 20:51:43 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DAEMON Tools [2009.04.12 22:51:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DeepBurner [2010.05.04 17:33:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\DivX [2011.12.11 16:34:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\dvdcss [2011.03.06 21:32:33 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\elsterformular [2011.11.30 21:52:50 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\foobar2000 [2010.10.21 16:46:41 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Foxit Software [2011.06.19 21:47:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\gtk-2.0 [2008.10.02 17:45:15 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Hamachi [2011.02.17 13:09:21 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\HLSW [2008.06.07 17:15:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Identities [2009.09.02 10:22:20 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Inkscape [2008.06.07 22:46:10 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\InstallShield [2008.06.07 19:20:51 | 000,000,000 | ---D | M] -- 
C:\Users\Tommy\AppData\Roaming\Intel [2011.03.13 18:26:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\LolClient [2009.11.28 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Macromedia [2011.05.18 18:52:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Malwarebytes [2011.02.24 12:48:21 | 000,000,000 | --SD | M] -- C:\Users\Tommy\AppData\Roaming\Microsoft [2010.08.25 12:39:08 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Miranda [2010.06.07 17:35:19 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Mozilla [2008.08.17 12:48:28 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Nero [2010.02.10 18:14:35 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Notepad++ [2010.06.07 17:35:18 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Octoshape [2008.12.18 18:47:06 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org [2008.12.17 18:13:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OpenOffice.org2 [2008.06.07 21:17:54 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Opera [2008.11.12 15:28:07 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\OriginLab [2009.05.08 22:10:04 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PeerNetworking [2009.09.02 09:52:06 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\PStill [2011.03.23 21:40:44 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\RapidSolution [2010.10.23 20:18:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\RayV [2010.02.12 18:20:54 | 000,000,000 | RH-D | M] -- C:\Users\Tommy\AppData\Roaming\SecuROM [2011.12.07 17:28:09 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Skype [2011.07.15 13:39:02 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\skypePM [2011.05.25 20:36:12 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Spotify [2010.08.30 18:45:13 | 000,000,000 | ---D | M] -- 
C:\Users\Tommy\AppData\Roaming\Stardock [2009.09.04 09:40:02 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\teamspeak2 [2010.05.08 20:04:13 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TeamViewer [2009.10.30 19:57:01 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TerraTec [2011.02.17 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Thunderbird [2008.10.18 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TMP [2011.07.03 20:30:44 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TS3Client [2009.05.26 08:59:14 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\TuneUp Software [2011.01.22 18:15:39 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Ulead Systems [2008.06.27 08:28:26 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\vlc [2010.09.28 10:04:58 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\VMware [2008.06.15 15:40:52 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\WinRAR [2009.12.10 18:27:36 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Wizards of the Coast [2009.08.20 09:48:32 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\Wuala [2010.10.22 17:02:47 | 000,000,000 | ---D | M] -- C:\Users\Tommy\AppData\Roaming\XnView < %APPDATA%\*.exe /s > [2011.03.21 00:21:52 | 002,533,221 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\.minecraft\c10t-1.7-windows-x86\c10t-1.7\c10t.exe [2010.10.31 23:02:56 | 000,457,728 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\.minecraft\Cartograph\Cartograph.exe [2011.04.20 12:21:41 | 000,249,856 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\.minecraft\cartograph_g_2011_04_20_bins\Cartograph_G.exe [2011.04.04 13:48:22 | 000,852,480 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\.minecraft\cartograph_g_2011_04_20_bins\Cartograph_G_Post_Processor.exe [2011.04.20 12:22:00 | 000,490,496 | ---- | M] () -- 
C:\Users\Tommy\AppData\Roaming\.minecraft\cartograph_g_2011_04_20_bins\Cartograph_G_Renderer.exe [2011.01.15 23:18:43 | 000,238,985 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\.minecraft\texturepacks\Bumpmaftv1_5_5\mcpatcher-1.1.11.exe [2011.07.15 14:20:44 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Tommy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2010.04.08 16:07:32 | 000,319,488 | ---- | M] (Octoshape ApS) -- C:\Users\Tommy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe [2008.06.07 17:18:32 | 000,010,134 | R--- | M] () -- C:\Users\Tommy\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\ARPPRODUCTICON.exe [2008.06.07 17:18:32 | 000,045,056 | R--- | M] (Macrovision Corporation) -- C:\Users\Tommy\AppData\Roaming\Microsoft\Installer\{42929F0F-CE14-47AF-9FC7-FF297A603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe [2009.01.08 14:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Tommy\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009.08.20 09:48:33 | 000,223,851 | ---- | M] () -- C:\Users\Tommy\AppData\Roaming\Wuala\Wuala.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- 
C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2007.02.22 02:53:17 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=5653737BAD8C6C10136451C195C19881 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20485_none_db8a029f3dbd443b\atapi.sys [2007.02.22 02:53:17 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys [2007.02.22 
02:53:17 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=A779CA2C76DA4FCB595E692C05E8E4EB -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16391_none_daf194c024ab5b06\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [1999.10.02 11:24:46 | 000,017,408 | ---- | M] () MD5=1363337A5301619F00F8033835EF30E9 -- C:\Progs\Matlab\sys\perl\win32\site\lib\auto\Win32\EventLog\EventLog.dll [2007.03.28 18:49:06 | 000,033,280 | ---- | M] (UPEK Inc.) MD5=6A8C7938BED3472E80FC8D25D6EF87E2 -- C:\Program Files\Protector Suite QL\eventlog.dll < MD5 for: IASTORV.SYS > [2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] 
(Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.18 22:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2007.01.06 06:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys [2007.01.06 06:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys [2007.01.06 06:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvstor.inf_f48b8337\nvstor.sys [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.18 22:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2006.11.02 10:46:12 | 000,176,640 | ---- | M] 
(Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.18 22:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe 
< MD5 for: WININIT.EXE > [2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2008.01.18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.18 20:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.18 20:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- 
C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2007.08.07 14:49:06 | 000,065,536 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\bcmwlrmt.dll < End of report > [/code] |
15.12.2011, 13:45 | #8 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ Please always post log files in CODE tags |
15.12.2011, 13:57 | #9 |
| No, this is not an office PC. I just took it with me to the university today. |
15.12.2011, 15:28 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Run an OTL fix: close all programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
:OTL
SRV - (VWL) -- C:\Users\Tommy\AppData\Local\Temp\VWL.exe (Sysinternals - www.sysinternals.com)
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..network.proxy.autoconfig_url: "http://www.adminvip.com/"
FF - prefs.js..network.proxy.http: "94.76.239.95"
FF - prefs.js..network.proxy.http_port: 3128
FF - prefs.js..network.proxy.socks_version: 4
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell - "" = AutoRun
O33 - MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
:Commands
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
15.12.2011, 18:43 | #11 |
| Code:
All processes killed
========== OTL ==========
Service VWL stopped successfully!
Service VWL deleted successfully!
C:\Users\Tommy\AppData\Local\Temp\VWL.exe moved successfully.
Prefs.js: "chr-greentree_ff&type=302398" removed from browser.search.param.yahoo-fr
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://www.adminvip.com/" removed from network.proxy.autoconfig_url
Prefs.js: "94.76.239.95" removed from network.proxy.http
Prefs.js: 3128 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.socks_version
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f97bcc9-5f3c-11dd-9202-444553544200}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3f97bcc9-5f3c-11dd-9202-444553544200}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3f97bcc9-5f3c-11dd-9202-444553544200}\ not found.
File F:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43e031af-a6a8-11de-8c15-005056c00008}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{43e031af-a6a8-11de-8c15-005056c00008}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{43e031af-a6a8-11de-8c15-005056c00008}\ not found.
File G:\LaunchU3.exe -a not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Public
User: Tommy
->Temp folder emptied: 206525148 bytes
->Temporary Internet Files folder emptied: 6250257 bytes
->Java cache emptied: 73499376 bytes
->FireFox cache emptied: 63800426 bytes
->Opera cache emptied: 125360924 bytes
->Flash cache emptied: 1098483 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 110948904 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 561,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.31.0 log created on 12152011_183343
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
15.12.2011, 19:37 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition; that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your Documents/My Documents, or shortcuts on the desktop or in the Start menu under "All Programs" are missing, please run unhide: download unhide.exe and save the file to your desktop. Start the tool and all files and folders should be visible again. (This could take a while.) Windows Vista and Windows 7 users must run the tool as administrator via right-click!
15.12.2011, 22:53 | #13 |
| Code:
ATTFilter 22:50:36.0748 2204 TDSS rootkit removing tool 2.6.23.0 Dec 13 2011 10:39:31 22:50:36.0801 2204 ============================================================ 22:50:36.0801 2204 Current date / time: 2011/12/15 22:50:36.0801 22:50:36.0801 2204 SystemInfo: 22:50:36.0801 2204 22:50:36.0801 2204 OS Version: 6.0.6002 ServicePack: 2.0 22:50:36.0801 2204 Product type: Workstation 22:50:36.0801 2204 ComputerName: TMSL 22:50:36.0801 2204 UserName: Tommy 22:50:36.0801 2204 Windows directory: C:\Windows 22:50:36.0801 2204 System windows directory: C:\Windows 22:50:36.0801 2204 Processor architecture: Intel x86 22:50:36.0801 2204 Number of processors: 2 22:50:36.0801 2204 Page size: 0x1000 22:50:36.0801 2204 Boot type: Normal boot 22:50:36.0801 2204 ============================================================ 22:50:37.0853 2204 Initialize success 22:51:14.0265 3332 ============================================================ 22:51:14.0265 3332 Scan started 22:51:14.0265 3332 Mode: Manual; SigCheck; TDLFS; 22:51:14.0265 3332 ============================================================ 22:51:15.0588 3332 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 22:51:15.0783 3332 ACPI - ok 22:51:16.0018 3332 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 22:51:16.0121 3332 adp94xx - ok 22:51:16.0152 3332 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 22:51:16.0167 3332 adpahci - ok 22:51:16.0199 3332 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 22:51:16.0214 3332 adpu160m - ok 22:51:16.0339 3332 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 22:51:16.0355 3332 adpu320 - ok 22:51:16.0481 3332 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 22:51:16.0546 3332 AFD - ok 22:51:16.0586 3332 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 22:51:16.0601 
3332 agp440 - ok 22:51:16.0641 3332 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 22:51:16.0656 3332 aic78xx - ok 22:51:16.0716 3332 aliide (3a99cb23a2d326fd532618705d6e3048) C:\Windows\system32\drivers\aliide.sys 22:51:16.0731 3332 aliide - ok 22:51:16.0751 3332 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 22:51:16.0761 3332 amdagp - ok 22:51:16.0786 3332 amdide (4333c133dbd71c7d7fe4fb1b83f9ee3e) C:\Windows\system32\drivers\amdide.sys 22:51:16.0801 3332 amdide - ok 22:51:16.0836 3332 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 22:51:16.0996 3332 AmdK7 - ok 22:51:17.0026 3332 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 22:51:17.0076 3332 AmdK8 - ok 22:51:17.0126 3332 ApfiltrService (a80230bd04f0b8bf05185b369bb1cbb8) C:\Windows\system32\DRIVERS\Apfiltr.sys 22:51:17.0216 3332 ApfiltrService - ok 22:51:17.0286 3332 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 22:51:17.0296 3332 arc - ok 22:51:17.0316 3332 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 22:51:17.0326 3332 arcsas - ok 22:51:17.0376 3332 ASPI (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys 22:51:17.0396 3332 ASPI ( UnsignedFile.Multi.Generic ) - warning 22:51:17.0396 3332 ASPI - detected UnsignedFile.Multi.Generic (1) 22:51:17.0426 3332 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 22:51:17.0456 3332 AsyncMac - ok 22:51:17.0476 3332 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 22:51:17.0486 3332 atapi - ok 22:51:17.0536 3332 avgntflt (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys 22:51:17.0546 3332 avgntflt - ok 22:51:17.0671 3332 avipbb (475fbb85956534720858ae72010c0a43) C:\Windows\system32\DRIVERS\avipbb.sys 22:51:17.0681 3332 avipbb - ok 22:51:17.0731 3332 avkmgr 
(271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys 22:51:17.0741 3332 avkmgr - ok 22:51:17.0786 3332 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 22:51:17.0816 3332 Beep - ok 22:51:17.0836 3332 blbdrive - ok 22:51:17.0876 3332 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 22:51:17.0906 3332 bowser - ok 22:51:17.0926 3332 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 22:51:17.0956 3332 BrFiltLo - ok 22:51:17.0976 3332 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 22:51:18.0006 3332 BrFiltUp - ok 22:51:18.0036 3332 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 22:51:18.0076 3332 Brserid - ok 22:51:18.0106 3332 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 22:51:18.0146 3332 BrSerWdm - ok 22:51:18.0166 3332 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 22:51:18.0216 3332 BrUsbMdm - ok 22:51:18.0236 3332 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 22:51:18.0276 3332 BrUsbSer - ok 22:51:18.0326 3332 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys 22:51:18.0346 3332 BthEnum - ok 22:51:18.0386 3332 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys 22:51:18.0406 3332 BTHMODEM - ok 22:51:18.0426 3332 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys 22:51:18.0456 3332 BthPan - ok 22:51:18.0521 3332 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys 22:51:18.0576 3332 BTHPORT - ok 22:51:18.0606 3332 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys 22:51:18.0626 3332 BTHUSB - ok 22:51:18.0661 3332 btwaudio (4a28e7bd365377d0512b7ef8c7596d2c) C:\Windows\system32\drivers\btwaudio.sys 22:51:18.0671 
3332 btwaudio - ok 22:51:18.0691 3332 btwavdt (5ffde57253d665067b0886612817eb11) C:\Windows\system32\drivers\btwavdt.sys 22:51:18.0696 3332 btwavdt - ok 22:51:18.0721 3332 btwrchid (ab07dc8b05c31a4f95fc73019be9db15) C:\Windows\system32\DRIVERS\btwrchid.sys 22:51:18.0726 3332 btwrchid - ok 22:51:18.0796 3332 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 22:51:18.0856 3332 cdfs - ok 22:51:18.0896 3332 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 22:51:18.0946 3332 cdrom - ok 22:51:18.0976 3332 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 22:51:19.0046 3332 circlass - ok 22:51:19.0086 3332 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 22:51:19.0106 3332 CLFS - ok 22:51:19.0166 3332 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 22:51:19.0213 3332 CmBatt - ok 22:51:19.0244 3332 cmdide (dfb94a6fc3a26972b0461ab5f1d8272b) C:\Windows\system32\drivers\cmdide.sys 22:51:19.0244 3332 cmdide - ok 22:51:19.0260 3332 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 22:51:19.0276 3332 Compbatt - ok 22:51:19.0322 3332 cpuz132 (097a0a4899b759a4f032bd464963b4be) C:\Windows\system32\drivers\cpuz132_x32.sys 22:51:19.0338 3332 cpuz132 ( UnsignedFile.Multi.Generic ) - warning 22:51:19.0338 3332 cpuz132 - detected UnsignedFile.Multi.Generic (1) 22:51:19.0369 3332 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 22:51:19.0369 3332 crcdisk - ok 22:51:19.0400 3332 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 22:51:19.0447 3332 Crusoe - ok 22:51:19.0494 3332 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys 22:51:19.0556 3332 CSC - ok 22:51:19.0588 3332 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 22:51:19.0603 3332 DfsC - ok 22:51:19.0663 3332 disk 
(5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 22:51:19.0673 3332 disk - ok 22:51:19.0733 3332 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 22:51:19.0758 3332 drmkaud - ok 22:51:19.0798 3332 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys 22:51:19.0881 3332 DXGKrnl - ok 22:51:19.0943 3332 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 22:51:20.0021 3332 E1G60 - ok 22:51:20.0068 3332 Eacfilt (47d1b4dc8da75742f023ae21e0d057a2) C:\Windows\system32\DRIVERS\eacfilt.sys 22:51:20.0083 3332 Eacfilt - ok 22:51:20.0130 3332 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 22:51:20.0146 3332 Ecache - ok 22:51:20.0193 3332 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 22:51:20.0208 3332 elxstor - ok 22:51:20.0239 3332 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\Windows\system32\DRIVERS\ENTECH.sys 22:51:20.0255 3332 ENTECH - ok 22:51:20.0302 3332 EverestDriver - ok 22:51:20.0349 3332 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 22:51:20.0369 3332 exfat - ok 22:51:20.0414 3332 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 22:51:20.0449 3332 fastfat - ok 22:51:20.0494 3332 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 22:51:20.0544 3332 fdc - ok 22:51:20.0574 3332 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 22:51:20.0584 3332 FileInfo - ok 22:51:20.0599 3332 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 22:51:20.0629 3332 Filetrace - ok 22:51:20.0654 3332 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 22:51:20.0699 3332 flpydisk - ok 22:51:20.0744 3332 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 22:51:20.0754 3332 FltMgr - ok 
22:51:20.0824 3332 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 22:51:20.0854 3332 Fs_Rec - ok 22:51:20.0894 3332 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 22:51:20.0899 3332 gagp30kx - ok 22:51:20.0964 3332 hamachi (85f4e4617dbd603c2202354cedfdf249) C:\Windows\system32\DRIVERS\hamachi.sys 22:51:20.0969 3332 hamachi - ok 22:51:21.0024 3332 hcmon (c511a1973c0f119d33e08946a46b4b15) C:\Windows\system32\Drivers\hcmon.sys 22:51:21.0024 3332 hcmon ( UnsignedFile.Multi.Generic ) - warning 22:51:21.0024 3332 hcmon - detected UnsignedFile.Multi.Generic (1) 22:51:21.0079 3332 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys 22:51:21.0124 3332 HdAudAddService - ok 22:51:21.0214 3332 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 22:51:21.0249 3332 HDAudBus - ok 22:51:21.0284 3332 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys 22:51:21.0314 3332 HidBth - ok 22:51:21.0349 3332 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 22:51:21.0404 3332 HidIr - ok 22:51:21.0459 3332 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 22:51:21.0474 3332 HidUsb - ok 22:51:21.0519 3332 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 22:51:21.0529 3332 HpCISSs - ok 22:51:21.0584 3332 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\Windows\system32\DRIVERS\HssDrv.sys 22:51:21.0594 3332 HssDrv - ok 22:51:21.0679 3332 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 22:51:21.0734 3332 HTTP - ok 22:51:21.0784 3332 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 22:51:21.0794 3332 i2omp - ok 22:51:21.0866 3332 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 22:51:21.0897 3332 i8042prt - ok 22:51:21.0928 3332 iaStorV 
22:51:39.0301 3332 ============================================================
22:51:39.0301 3332 Scan finished
22:51:39.0301 3332 ============================================================
22:51:39.0317 0592 Detected object count: 8
22:51:39.0317 0592 Actual detected object count: 8
22:52:16.0877 0592 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592 ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:16.0877 0592 cpuz132 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592 cpuz132 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:16.0877 0592 hcmon ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592 hcmon ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:16.0877 0592 RTCore32 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592 RTCore32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:16.0877 0592 tapvpn ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592 tapvpn ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:16.0877 0592 VMnetBridge ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592 VMnetBridge ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:16.0877 0592 VMnetuserif ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0877 0592 VMnetuserif ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:52:16.0908 0592 vmx86 ( UnsignedFile.Multi.Generic ) - skipped by user
22:52:16.0908 0592 vmx86 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Code:
22:52:16.0877 0592 ASPI ( UnsignedFile.Multi.Generic ) - skipped by user - I can't really place this one right now. VirusTotal has no hits.
22:52:16.0877 0592 cpuz132 ( UnsignedFile.Multi.Generic ) - skipped by user - Probably a leftover from CPU-Z.
22:52:16.0877 0592 hcmon ( UnsignedFile.Multi.Generic ) - skipped by user - Probably belongs to VMware
22:52:16.0877 0592 RTCore32 ( UnsignedFile.Multi.Generic ) - skipped by user - Belongs to RMClock
22:52:16.0877 0592 tapvpn ( UnsignedFile.Multi.Generic ) - skipped by user - I can't place this one 100%. It could belong to the university's VPN software.
22:52:16.0877 0592 VMnetBridge ( UnsignedFile.Multi.Generic ) - skipped by user - Probably belongs to VMware
22:52:16.0877 0592 VMnetuserif ( UnsignedFile.Multi.Generic ) - skipped by user - Probably belongs to VMware
22:52:16.0908 0592 vmx86 ( UnsignedFile.Multi.Generic ) - skipped by user - Probably belongs to VMware
Edited by Olorin (15.12.2011 at 23:25) |
16.12.2011, 10:22 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Firewall blocks incoming connections - detection of TR/Crypt.EPACK.Gen5 and JAVA/Agent.U
Then please run CF now:
ComboFix
A guide and tutorial on using ComboFix
ComboFix may only be run when a Kompetenzler (qualified helper) has expressly recommended it! If you have problems starting applications after running ComboFix and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
16.12.2011, 20:01 | #15 |
| Windows Firewall blocks incoming connections - detection of TR/Crypt.EPACK.Gen5 and JAVA/Agent.U
ComboFix log file: Code:
ATTFilter ComboFix 11-12-16.01 - Tommy 16.12.2011 18:19:38.1.2 - x86 Microsoft® Windows Vista™ Business 6.0.6002.2.1252.49.1031.18.3581.2503 [GMT 1:00] ausgeführt von:: c:\users\Tommy\Desktop\ComboFix.exe AV: Avira AntiVir PersonalEdition *Enabled/Updated* {3C92C986-DF22-D3CD-0217-CF53EB6F2CD9} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\Roaming c:\programdata\Roaming\Intel\Wireless\Settings\Settings.ini c:\users\Tommy\AppData\Roaming\Wuala c:\users\Tommy\AppData\Roaming\Wuala\defaultUser c:\users\Tommy\AppData\Roaming\Wuala\Wuala.exe c:\windows\IsUn0407.exe c:\windows\UA000073.DLL . . ((((((((((((((((((((((( Dateien erstellt von 2011-11-16 bis 2011-12-16 )))))))))))))))))))))))))))))) . . 2011-12-16 17:25 . 2011-12-16 17:25 -------- d-----w- c:\users\Tommy\AppData\Local\temp 2011-12-16 17:25 . 2011-12-16 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-12-16 17:11 . 2011-12-16 17:11 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13871F78-3997-46E5-9440-9A62840E36CA}\offreg.dll 2011-12-16 17:11 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{13871F78-3997-46E5-9440-9A62840E36CA}\mpengine.dll 2011-12-15 22:30 . 2008-06-24 11:45 1414440 ----a-w- c:\windows\system32\ShellManager310E2D762.dll 2011-12-15 17:33 . 2011-12-15 17:33 -------- d-----w- C:\_OTL 2011-12-14 19:27 . 2011-12-14 19:27 -------- d-----w- c:\program files\ESET 2011-12-12 16:11 . 2011-12-12 16:11 -------- d-----w- c:\program files\CCleaner 2011-12-11 20:04 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-11-30 18:58 . 2011-11-30 19:58 -------- d-----w- c:\users\Tommy\AppData\Roaming\Crayon Physics Deluxe 2011-11-30 16:40 . 2011-11-30 16:45 -------- d-----w- c:\users\Tommy\.KoalaNext . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-12-11 14:43 . 2011-10-18 14:42 134856 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-12-07 16:23 . 2009-10-06 09:01 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-11-21 19:21 . 2011-05-16 06:02 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-20 23:26 . 2011-10-20 23:26 94208 ----a-w- c:\windows\system32\dpl100.dll 2011-10-11 13:00 . 2011-10-18 14:42 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-10-11 13:00 . 2011-10-18 14:42 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2011-09-20 21:02 . 2011-11-08 21:10 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys 2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll 2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll 2011-10-12 06:51 . 2011-05-15 10:55 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay] @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}" [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}] 2007-03-28 17:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen] @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}" [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}] 2007-03-28 17:59 2953216 ----a-w- c:\program files\Protector Suite QL\farchns.dll . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RMClock"="c:\progs\RMClock\RMClockLauncher.exe" [2008-02-29 61440] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2007-03-28 49168] "Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-08-07 1548288] "Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-10-25 167936] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-08-14 442460] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-9-7 1180952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableCAD"= 1 (0x1) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoAutorun"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus] 2007-03-28 17:46 90112 ----a-w- c:\windows\System32\psqlpwd.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli psqlpwd . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter] 2010-07-09 14:20 110696 ----a-w- c:\windows\System32\nvmctray.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService] 2007-11-01 13:39 189736 ------w- c:\program files\Dell\MediaDirect\PCMService.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1401606794-160134412-1321032927-1000] "EnableNotificationsRef"=dword:00000002 . R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [x] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x] R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704] R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832] R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt [x] R3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2007-04-09 148232] R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\6A19.tmp [x] R3 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2011-02-11 35088] R3 RTCore32;RTCore32;c:\progs\RMClock\RTCore32.sys [2005-05-25 4608] R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2010-03-11 25088] R3 UDXTTM6010;Cinergy Hybrid XE BDA service;c:\windows\system32\DRIVERS\UDXTTM6010.sys [2008-03-31 596896] R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-07-31 717296] R4 vmserverdWin32;VMware Registration Service;c:\program files\VMware\VMware Server\vmserverdWin32.exe [2009-03-25 1654884] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224] S2 NvcRpcServer;Nortel CVC Service;c:\program files\Nortel Networks\NvcRpcSvr.exe [2007-04-09 71176] S3 Eacfilt;Eacfilt Miniport;c:\windows\system32\DRIVERS\eacfilt.sys [2007-04-09 31784] . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc bthsvcs REG_MULTI_SZ BthServ LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9C450606-ED24-4958-92BA-B8940C99D441}] 2009-03-04 15:32 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . . ------- Zusätzlicher Suchlauf ------- . uStart Page = about:blank IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: microsoft.com\www.update TCP: DhcpNameServer = 192.168.11.1 TCP: Interfaces\{C5DA2D11-279B-43DE-ACE2-F1D3DD0A5D22}: NameServer = 10.90.24.1 FF - ProfilePath - c:\users\Tommy\AppData\Roaming\Mozilla\Firefox\Profiles\0w1774ub.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
HKLM-Run-NBKeyScan - c:\progs\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
MSConfigStartUp-Acronis Scheduler2 Service - c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe
MSConfigStartUp-AcronisTimounterMonitor - c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
MSConfigStartUp-OODefragTray - c:\windows\system32\oodtray.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-TrueImageMonitor - c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe
AddRemove-Wubi - d:\ubuntu\Uninstall-Kubuntu.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\progs\DivX\DivXCodecUninstall.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Tommy\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-16 18:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\6A19.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1401606794-160134412-1321032927-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:3f,0c,a6,36,13,e4,68,82,df,12,0b,5f,0d,97,88,49,f1,34,65,0a,65,
   fd,be,07,f0,c5,d0,6b,40,d5,47,74,c5,f2,a5,1d,b1,09,1b,94,97,62,8d,e3,1c,c6,\
"rkeysecu"=hex:97,eb,72,85,c4,53,b4,95,53,a7,f1,72,45,77,cc,40
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(736)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll
.
Zeit der Fertigstellung: 2011-12-16 18:27:01
ComboFix-quarantined-files.txt 2011-12-16 17:26
.
Vor Suchlauf: 11 Verzeichnis(se), 12.360.851.456 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.972.466.176 Bytes frei
.
- - End Of File - - 7A89DFAA72C53EB2544F7F4566C905CD

I'm now wondering whether it wouldn't be quicker and easier overall to try to get an old image up and running. How many more scans are still to come?