Pests of all kinds and how to fight them: Masses of upload -> virus/trojan? (Windows 7)
13.04.2011, 08:14 | #1 |
| Masses of upload -> virus/trojan?

Hi,

I'm really at my wits' end at the moment. Since yesterday I've noticed that my PC is more or less permanently uploading large amounts of data to the Internet. From about 5:50 this morning until now, about 9:00, I have already uploaded 927 MB of data but received only 219 MB.

I am connected to my PC remotely from work, so I'm well aware that it naturally has to send data to me at the office. However, I have been doing this for months, and on average about 10 gigabytes of data were sent per month. With yesterday and today I'm already at 7 gigabytes sent, and yesterday I wasn't on the machine remotely at all.

Unfortunately I just can't find out what data is being transferred there, which program is transferring so much data and, above all, where to??

I noticed it yesterday because the Fritz Box had to restart about every 30 minutes, since too many connections were being opened. I know this from the P2P days, when eMule or torrents opened that many connections. But that hasn't been the case for ages. The constant restarts are what made me discover that so much data is being transferred.

I have already done the following:
- run a complete system scan for viruses -> no result
- looked at the traffic with Wireshark -> means nothing to me
- run load.exe and attached the two log files

I hope someone here has an idea what this could be and how I can stop it.

PS: In the time it took me to write this post, another 20 MB were uploaded. |
13.04.2011, 11:18 | #2 |
| Masses of upload -> virus/trojan?

It occurred to me afterwards that probably nobody would download the log files, so I'm posting them again inline.
__________________
Sorry 4 double post.

OTL Log
Code:
OTL logfile created on: 13.04.2011 08:49:20 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\BalloS\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 76,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,89 Gb Total Space | 38,69 Gb Free Space | 39,53% Space Free | Partition Type: NTFS
Drive D: | 1299,37 Gb Total Space | 1119,01 Gb Free Space | 86,12% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 1188,09 Gb Free Space | 85,03% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 420,41 Gb Free Space | 30,09% Space Free | Partition Type: NTFS
Drive J: | 14,73 Gb Total Space | 14,64 Gb Free Space | 99,40% Space Free | Partition Type: NTFS
Drive K: | 3,92 Gb Total Space | 3,74 Gb Free Space | 95,50% Space Free | Partition Type: NTFS

Computer Name: BALLOS-PC | User Name: BalloS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.04.13 08:43:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\BalloS\Desktop\OTL.exe PRC - [2011.04.11 22:15:04 | 001,613,984 | ---- | M] (Argotronic UG (haftungsbeschraenkt)) -- C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe PRC - [2011.03.24 06:08:28 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2011.03.16 19:30:02 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.03.01 16:47:56 | 007,832,440 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe PRC - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe PRC - [2011.01.14 07:53:50 | 001,412,488 | ---- | M] (Hagel Technologies Ltd.) -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe PRC - [2011.01.14 07:53:48 | 002,942,856 | ---- | M] (Hagel Technologies Ltd.) -- C:\PROGRA~2\DU Meter\DUMeter.exe PRC - [2011.01.04 12:49:59 | 001,242,448 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe PRC - [2010.11.04 20:50:17 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.11.04 20:50:17 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2010.10.25 16:13:42 | 000,821,144 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe PRC - [2010.09.03 12:35:34 | 001,406,248 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe PRC - [2010.07.12 18:32:48 | 000,074,752 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\Winamp\winampa.exe PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.04.21 19:05:20 | 000,161,136 | ---- | M] (Famatech Corp.) -- C:\Windows\SysWOW64\rserver30\FamItrfc.Exe PRC - [2010.04.21 07:02:02 | 001,242,480 | ---- | M] (Famatech Corp.) -- C:\Windows\SysWOW64\rserver30\rserver3.exe PRC - [2010.04.01 11:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010.03.17 12:05:40 | 000,264,704 | ---- | M] () -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe PRC - [2010.01.22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2009.11.19 18:43:14 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Razer\Copperhead\razerhid.exe PRC - [2009.11.16 13:25:32 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Razer\Copperhead\razertra.exe PRC - [2007.12.11 14:00:00 | 000,692,808 | ---- | M] (Mirko Böer) -- C:\Program Files (x86)\TrafficMonitor\TMPacketServiceInit.exe PRC - [2007.05.07 10:52:12 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files (x86)\Razer\Tarantula\razerhid.exe PRC - [2007.03.05 18:17:56 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\Razer\Tarantula\razertra.exe PRC - [2007.01.24 15:57:14 | 000,897,024 | ---- | M] (Rhino Software, Inc. +1(262) 560-9627) -- C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUDaemon.exe PRC - [2007.01.09 09:48:58 | 000,147,456 | ---- | M] (Razer Inc.) 
-- C:\Program Files (x86)\Razer\Copperhead\razerofa.exe PRC - [1999.09.30 22:31:38 | 000,869,376 | ---- | M] (Fred's Software) -- C:\Program Files (x86)\PrintKey2000\Printkey2000.exe ========== Modules (SafeList) ========== MOD - [2011.04.13 08:43:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\BalloS\Desktop\OTL.exe MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.01.05 04:57:44 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2011.01.04 23:07:10 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager) SRV:64bit: - [2010.06.14 12:28:50 | 002,069,880 | ---- | M] (RealVNC Ltd.) [Auto | Running] -- C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- (WinVNC4) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2011.03.16 19:30:02 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.03.01 16:47:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6) SRV - [2011.01.14 07:53:50 | 001,412,488 | ---- | M] (Hagel Technologies Ltd.) 
[Auto | Running] -- C:\Program Files (x86)\DU Meter\DUMeterSvc.exe -- (DUMeterSvc) SRV - [2010.11.04 20:50:17 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.04.21 07:02:02 | 001,242,480 | ---- | M] (Famatech Corp.) [Auto | Running] -- C:\Windows\SysWOW64\rserver30\RServer3.exe -- (RServer3) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.17 12:05:42 | 000,039,936 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpnserv.exe -- (OpenVPNService) SRV - [2009.07.16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.12.11 14:00:00 | 000,692,808 | ---- | M] (Mirko Böer) [Auto | Running] -- C:\Program Files (x86)\TrafficMonitor\TMPacketServiceInit.exe -- (TMPService) SRV - [2007.01.24 15:57:14 | 000,897,024 | ---- | M] (Rhino Software, Inc. +1(262) 560-9627) [Auto | Running] -- C:\Program Files (x86)\RhinoSoft.com\Serv-U\ServUDaemon.exe -- (Serv-U) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.01.05 05:37:14 | 008,283,136 | ---- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.01.05 04:19:38 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.11.22 14:25:45 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010.11.17 14:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.10.09 15:34:16 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.08.04 22:17:14 | 001,342,064 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2010.06.14 12:17:04 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror) DRV:64bit: - [2010.04.21 07:02:00 | 000,005,632 | ---- | M] (Famatech International Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rminiv3.sys -- (mirrorv3) DRV:64bit: - [2010.03.17 12:24:00 | 000,401,696 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2010.03.17 12:05:40 | 000,038,432 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901) DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.01.22 12:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.01.22 12:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.11.10 15:50:18 | 000,014,336 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\copperhd.sys -- (copperhd) DRV:64bit: - [2009.10.19 14:45:54 | 000,039,480 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2009.09.30 09:34:32 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.31 11:40:34 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMfilt64.sys -- (VMfilt) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.04.11 16:23:48 | 000,049,664 | ---- | M] (Razer USA Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UsbFltr.sys -- (TarFltr) DRV:64bit: - [2005.10.21 17:01:22 | 000,019,200 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbicp.sys -- (uisp) DRV:64bit: - [2005.03.29 01:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2011.01.14 07:53:54 | 000,019,088 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\DU Meter\DUMETR64.SYS -- (DUMeterDrv) DRV - [2010.04.21 07:02:00 | 000,068,680 | ---- | M] (Famatech Corp.) [Kernel | System | Running] -- C:\Windows\SysWOW64\rserver30\raddrvv3.sys -- (raddrvv3) DRV - [2005.12.21 11:23:26 | 000,014,592 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\Usbicp.sys -- (uisp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 7E 89 68 6E 7F CB 01 [binary data] IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.1.0.1 FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.9.1Lite FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8 FF - prefs.js..extensions.enabledItems: bundeskampftoolbar@spielwerk.gmbh:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {B0D70E72-2FC1-4b9f-A3D4-5921C854D906}:1.2 FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.01.27 13:39:51 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.03.24 06:08:29 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.03.24 06:08:29 | 000,000,000 | ---D | M] [2010.10.09 17:32:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\BalloS\AppData\Roaming\mozilla\Extensions [2011.04.12 18:45:28 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions [2011.04.08 08:29:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.03.12 11:55:18 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.11.06 11:08:07 | 000,000,000 | ---D | M] ("Biet-O-Matic Firefox Erweiterung") -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\{B0D70E72-2FC1-4b9f-A3D4-5921C854D906} [2011.04.08 08:29:17 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2011.03.26 12:25:40 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2010.10.09 20:11:43 | 000,000,000 | ---D | M] (Bundeskampf Toolbar) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\bundeskampftoolbar@spielwerk.gmbh [2011.03.09 12:35:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\de-DE@dictionaries.addons.mozilla.org [2011.03.08 16:57:43 | 000,000,000 | ---D | M] (Fasterfox Lite) -- C:\Users\BalloS\AppData\Roaming\mozilla\Firefox\Profiles\kj9yini8.default\extensions\FasterFox_Lite@BigRedBrent [2011.04.13 06:07:05 | 000,001,056 | ---- | M] () -- C:\Users\BalloS\AppData\Roaming\Mozilla\Firefox\Profiles\kj9yini8.default\searchplugins\icqplugin.xml [2011.04.12 18:45:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.10.30 14:53:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla 
firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2011.02.13 11:25:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2011.01.27 13:39:51 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN [2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2009.09.21 12:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll [2010.07.12 18:33:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2010.10.31 11:47:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.31 11:47:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.10.31 11:47:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.31 11:47:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.31 11:47:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.11.06 15:22:32 | 000,000,864 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~2\FlashFXP\IEFlash.dll (IniCom Networks, Inc.) 
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) 
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Copperhead] C:\Program Files (x86)\Razer\Copperhead\razerhid.exe () O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [openvpn-gui] C:\Program Files (x86)\Astaro\Astaro SSL VPN Client\bin\openvpn-gui.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Tarantula] C:\Program Files (x86)\Razer\Tarantula\razerhid.exe (Razer USA Ltd.) O4 - HKLM..\Run: [TrafficMonitor] C:\PROGRA~2\TRAFFICMONITOR\TRAFFICMONITOR.EXE (Mirko Böer) O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKCU..\Run: [Argus Monitor] C:\Program Files (x86)\ArgusMonitor\ArgusMonitor.exe (Argotronic UG (haftungsbeschraenkt)) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [DU Meter] C:\Program Files (x86)\DU Meter\DUMeter.exe (Hagel Technologies Ltd.) 
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common 
Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\Microsoft Expression\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\AutoRun\command - "" = H:\SETUP.EXE O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\configure\command - "" = H:\SETUP.EXE O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\install\command - "" = H:\SETUP.EXE O33 - MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Launcher.exe O33 - MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AUTORUN.exe O33 - MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Autorun.exe O33 - MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\Shell - "" = AutoRun O33 - MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\Shell\AutoRun\command - "" = H:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.04.13 08:48:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2011.04.13 08:47:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT [2011.04.13 08:47:49 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\ERUNT [2011.04.13 08:42:20 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\BalloS\Desktop\Erunt-setup.exe [2011.04.13 08:42:20 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\BalloS\Desktop\OTL.exe [2011.04.13 08:42:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\BalloS\Desktop\TFC.exe [2011.04.12 19:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Hagel Technologies [2011.04.12 19:11:52 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DU Meter [2011.04.12 19:11:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DU Meter [2011.04.12 18:02:27 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\TrafficMonitor [2011.04.12 18:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TrafficMonitor [2011.04.12 18:02:24 | 000,330,336 | ---- | C] (Mirko Böer) -- C:\Windows\TraffUn.EXE [2011.04.12 18:02:24 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TrafficMonitor [2011.04.12 18:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TrafficMonitor [2011.04.12 18:01:44 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\Wireshark [2011.04.12 17:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2011.04.12 17:51:47 | 000,000,000 | ---D | C] -- C:\Programme\Wireshark [2011.04.11 10:25:08 | 000,055,456 | ---- | C] (Argotronic UG (haftungsbeschraenkt)) -- C:\Windows\SysWow64\drivers\ArgusMonitor.sys [2011.04.04 17:40:56 | 000,000,000 | ---D | C] -- C:\Users\BalloS\Documents\Sokoban [2011.04.04 17:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sokoban [2011.04.04 17:40:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BDSokobanYASC [2011.04.02 13:26:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetGear [2011.04.02 13:16:11 | 000,000,000 | ---D | C] -- C:\Users\BalloS\Documents\ProSafe Plus Utility [2011.04.02 13:15:45 
| 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap [2011.04.02 13:15:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetGear [2011.03.27 20:14:34 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Local\Nero_AG [2011.03.27 20:14:33 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Local\Nero [2011.03.26 13:27:56 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Local\SKIDROW [2011.03.22 10:07:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero [2011.03.22 10:07:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero [2011.03.22 10:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero [2011.03.22 10:06:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.03.22 10:06:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2011.03.20 14:00:42 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 [2011.03.20 14:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5 [2011.03.20 14:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5 [2011.03.20 14:00:36 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VobSub [2011.03.20 14:00:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VobSub [2011.03.20 14:00:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gabest [2011.03.20 14:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoGK [2011.03.20 14:00:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoGK [2011.03.19 17:44:29 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2011.03.19 17:44:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.03.19 17:24:02 | 000,000,000 | ---D | C] -- 
C:\Windows\SysNative\appmgmt [2011.03.19 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\BalloS\Desktop\Spiele [2011.03.19 15:22:04 | 000,000,000 | ---D | C] -- C:\Users\BalloS\Documents\Broken Sword - Director's Cut [2011.03.19 15:21:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baphomets Fluch - The Directors Cut [2011.03.16 10:01:34 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\GHISLER [2011.03.16 09:27:14 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\Avira [2011.03.15 19:57:25 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\FastCopy [2011.03.15 19:57:24 | 000,000,000 | ---D | C] -- C:\Programme\FastCopy [2011.03.15 19:41:13 | 000,000,000 | ---D | C] -- C:\Users\BalloS\AppData\Roaming\TeraCopy [2011.03.15 19:41:10 | 000,000,000 | ---D | C] -- C:\Programme\TeraCopy [2011.03.15 19:41:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy [2011.03.14 18:23:05 | 000,000,000 | ---D | C] -- C:\Users\BalloS\Documents\BattleLA Saves [2011.03.14 18:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Konami [2010.02.04 01:00:00 | 000,139,264 | ---- | C] ( ) -- C:\Windows\sipr3260.dll ========== Files - Modified Within 30 Days ========== [2011.04.13 08:51:18 | 001,507,302 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.04.13 08:51:18 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.04.13 08:51:18 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.04.13 08:51:18 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.04.13 08:51:18 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.04.13 08:47:50 | 000,000,924 | ---- | M] () -- C:\Users\BalloS\Desktop\NTREGOPT.lnk [2011.04.13 08:47:50 | 000,000,905 | ---- | M] () -- C:\Users\BalloS\Desktop\ERUNT.lnk [2011.04.13 08:45:14 | 000,067,584 | --S- | M] () -- 
C:\Windows\bootstat.dat [2011.04.13 08:44:46 | 2146,045,951 | -HS- | M] () -- C:\hiberfil.sys [2011.04.13 08:43:15 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\BalloS\Desktop\Erunt-setup.exe [2011.04.13 08:43:12 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\BalloS\Desktop\OTL.exe [2011.04.13 08:43:11 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\BalloS\Desktop\TFC.exe [2011.04.13 08:41:43 | 000,377,280 | ---- | M] () -- C:\Users\BalloS\Desktop\Load.exe [2011.04.13 08:07:50 | 000,150,700 | ---- | M] () -- C:\Users\BalloS\Documents\cc_20110413_080736.reg [2011.04.13 08:05:36 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.04.13 05:51:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.04.13 05:51:53 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.04.12 18:02:24 | 000,002,927 | R--- | M] () -- C:\Windows\TrafficMonitor_Uninstall.in [2011.04.12 18:02:24 | 000,001,015 | ---- | M] () -- C:\Users\BalloS\Desktop\TrafficMonitor.lnk [2011.04.11 10:25:08 | 000,055,456 | ---- | M] (Argotronic UG (haftungsbeschraenkt)) -- C:\Windows\SysWow64\drivers\ArgusMonitor.sys [2011.04.04 17:40:53 | 000,001,039 | ---- | M] () -- C:\Users\BalloS\Desktop\Sokoban YASC.lnk [2011.04.02 13:26:34 | 000,002,825 | ---- | M] () -- C:\Users\Public\Desktop\ProSafe Plus Utility.lnk [2011.03.22 10:10:36 | 000,002,995 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk [2011.03.22 10:10:11 | 000,003,053 | ---- | M] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk [2011.03.22 10:09:44 | 000,002,987 | ---- | M] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk [2011.03.22 10:09:06 | 000,003,197 | ---- | M] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk [2011.03.22 10:08:18 | 000,003,009 | ---- | M] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk 
[2011.03.20 14:02:17 | 000,000,540 | ---- | M] () -- C:\Users\BalloS\AppData\Roaming\AutoGK.ini [2011.03.15 19:20:40 | 000,000,079 | ---- | M] () -- C:\Users\BalloS\AppData\Local\CrystalDiskMark30.ini ========== Files Created - No Company Name ========== [2011.04.13 08:47:50 | 000,000,924 | ---- | C] () -- C:\Users\BalloS\Desktop\NTREGOPT.lnk [2011.04.13 08:47:50 | 000,000,905 | ---- | C] () -- C:\Users\BalloS\Desktop\ERUNT.lnk [2011.04.13 08:41:41 | 000,377,280 | ---- | C] () -- C:\Users\BalloS\Desktop\Load.exe [2011.04.13 08:07:40 | 000,150,700 | ---- | C] () -- C:\Users\BalloS\Documents\cc_20110413_080736.reg [2011.04.12 18:02:24 | 000,002,927 | R--- | C] () -- C:\Windows\TrafficMonitor_Uninstall.in [2011.04.12 18:02:24 | 000,001,015 | ---- | C] () -- C:\Users\BalloS\Desktop\TrafficMonitor.lnk [2011.04.12 17:52:11 | 000,001,545 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk [2011.04.04 17:40:53 | 000,001,039 | ---- | C] () -- C:\Users\BalloS\Desktop\Sokoban YASC.lnk [2011.04.02 13:26:34 | 000,002,825 | ---- | C] () -- C:\Users\Public\Desktop\ProSafe Plus Utility.lnk [2011.03.22 10:10:36 | 000,002,995 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart 10.lnk [2011.03.22 10:10:11 | 000,003,053 | ---- | C] () -- C:\Users\Public\Desktop\Nero Vision 10.lnk [2011.03.22 10:09:44 | 000,002,987 | ---- | C] () -- C:\Users\Public\Desktop\Nero MediaHub 10.lnk [2011.03.22 10:09:06 | 000,003,197 | ---- | C] () -- C:\Users\Public\Desktop\Nero BackItUp 10.lnk [2011.03.22 10:08:18 | 000,003,009 | ---- | C] () -- C:\Users\Public\Desktop\Nero Burning ROM 10.lnk [2011.03.20 14:02:17 | 000,000,540 | ---- | C] () -- C:\Users\BalloS\AppData\Roaming\AutoGK.ini [2011.03.19 17:44:29 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- 
C:\Windows\PKZIP.PIF [2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2011.03.16 10:01:34 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2011.03.15 18:45:11 | 000,000,079 | ---- | C] () -- C:\Users\BalloS\AppData\Local\CrystalDiskMark30.ini [2011.03.13 15:57:53 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini [2011.02.14 17:15:45 | 000,695,578 | ---- | C] () -- C:\Windows\unins000.exe [2011.02.14 17:15:45 | 000,000,857 | ---- | C] () -- C:\Windows\unins000.dat [2011.02.12 17:36:42 | 000,002,975 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.01.20 17:28:48 | 004,718,592 | ---- | C] () -- C:\Windows\SysWow64\savegame.bin [2010.12.18 16:15:26 | 000,003,584 | ---- | C] () -- C:\Users\BalloS\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.12 18:37:36 | 000,036,892 | ---- | C] () -- C:\Windows\SysWow64\bassmod.dll [2010.11.06 11:07:33 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll [2010.10.09 22:30:31 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.09 17:32:57 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.10.09 15:30:29 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.10.09 14:41:24 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2010.09.02 01:53:48 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2010.06.23 13:35:52 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010.06.23 13:35:52 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 04:35:51 | 000,000,741 | ---- | C] () 
-- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.02.05 21:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI [2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll ========== LOP Check ========== [2011.04.11 10:15:12 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\BOM [2010.10.30 15:06:05 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\DAEMON Tools Lite [2010.11.01 19:48:54 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\DAEMON Tools Pro [2011.01.26 15:37:59 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\elsterformular [2011.03.15 20:00:43 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\FastCopy [2011.02.14 17:15:45 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Flatcast [2011.03.16 10:08:11 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\GHISLER [2011.02.13 01:16:08 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\ICQ [2010.11.09 11:00:00 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\LEAPS [2010.11.09 10:59:05 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Pegasys Inc [2010.11.14 04:42:48 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Promixis [2011.01.19 10:36:03 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Radmin [2011.04.12 21:03:49 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\TeraCopy [2011.04.12 18:07:07 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\TrafficMonitor [2010.11.07 16:21:44 | 000,000,000 | ---D | M] -- 
C:\Users\BalloS\AppData\Roaming\Win7codecs [2011.04.12 18:01:44 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Wireshark [2010.11.26 09:20:58 | 000,000,000 | ---D | M] -- C:\Users\BalloS\AppData\Roaming\Xilisoft [2011.03.23 19:22:02 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2010.10.23 13:02:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.10.09 15:22:20 | 000,000,000 | ---D | M] -- C:\ATI [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010.10.09 14:31:48 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.10.09 21:58:32 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.04.12 17:51:47 | 000,000,000 | R--D | M] -- C:\Programme [2011.04.13 08:47:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2011.04.12 19:11:53 | 000,000,000 | -H-D | M] -- C:\ProgramData [2010.10.09 14:31:48 | 000,000,000 | -HSD | M] -- C:\Programme [2010.10.09 14:31:48 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.04.13 08:50:09 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.03.22 11:16:00 | 000,000,000 | ---D | M] -- C:\TEMP [2010.10.09 14:32:27 | 000,000,000 | R--D | M] -- C:\Users [2011.04.13 08:48:27 | 000,000,000 | ---D | M] -- C:\Windows [2010.11.30 20:27:09 | 000,000,000 | ---D | M] -- C:\WinSetupFromUSB [2009.12.20 01:00:00 | 000,000,000 | ---D | M] -- C:\xampp < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < MD5 for: EXPLORER.EXE > [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) 
MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) 
MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) 
MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > ========== Alternate Data Streams ========== @Alternate Data Stream - 76 bytes -> C:\Users\BalloS\Documents\Bewerbungen:Roxio EMC Stream @Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:319E7F0B < End of report > Extras Log Code:
OTL Extras logfile created on: 13.04.2011 08:49:20 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\BalloS\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 76,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,89 Gb Total Space | 38,69 Gb Free Space | 39,53% Space Free | Partition Type: NTFS
Drive D: | 1299,37 Gb Total Space | 1119,01 Gb Free Space | 86,12% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 1188,09 Gb Free Space | 85,03% Space Free | Partition Type: NTFS
Drive G: | 1397,26 Gb Total Space | 420,41 Gb Free Space | 30,09% Space Free | Partition Type: NTFS
Drive J: | 14,73 Gb Total Space | 14,64 Gb Free Space | 99,40% Space Free | Partition Type: NTFS
Drive K: | 3,92 Gb Total Space | 3,74 Gb Free Space | 95,50% Space Free | Partition Type: NTFS

Computer Name: BALLOS-PC | User Name: BalloS | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Expression\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files (x86)\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- () ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{22441735-5983-AD2A-5CC5-FA2CCD7EF732}" = ATI Stream SDK v2 Developer "{4B0748C5-2E63-B954-8C3F-71918C599800}" = WMV9/VC-1 Video Playback "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding "{73BA9A8F-6B40-BF79-541E-464156FBA764}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{B0A5A6EE-F8BA-48B1-BB32-BAC17E96C2B4}" = Microsoft Visual J# 2.0 Redistributable Package - SE (x64) "{C2E0D3FE-12C4-BF5B-FC4E-052CB8833424}" = AMD Fuel "{C5970161-E13E-6661-BBDA-A08268313C83}" = ATI Catalyst Install Manager "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "CCleaner" = CCleaner "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.0.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft Visual J# 2.0 Redistributable Package - SE (x64)" = Microsoft 
Visual J# 2.0 Redistributable Package - SE (x64) "RealVNC_is1" = VNC Enterprise Edition E4.5.4 "TeraCopy_is1" = TeraCopy 2.12 "VNCMirror_is1" = VNC Mirror Driver 1.8.0 "VNCPrinter_is1" = VNC Printer Driver 1.6.0 "WinRAR archiver" = WinRAR "XviD MPEG-4 Video Codec_is1" = XviD v1.3.0 CVS [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R) "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{076A5070-5A6B-4A84-A1B8-C25B705C942A}" = Radmin Server 3.4 "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM) "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM) "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.3 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10 "{2517B7EA-6C03-4D86-A1B1-F3FE1C3BC03B}" = Radmin Viewer 3.4 "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23 "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10 Platinum HD "{28A946E1-E83B-4662-BC7C-23451851489E}" = Razer Copperhead "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM) "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM) "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10 "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2 
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1 "{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2 "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM) "{52B65911-1559-4ED5-9461-46957FDD48CD}" = Borderlands "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM) "{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver "{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7 "{5FD89EA1-99C2-40EE-BBF5-20F8991ED756}" = Catalyst Control Center - Branding "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{6331C6C0-3754-E910-7113-5013355C8E47}" = CCC Help English "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic "{64491CEE-3E23-AD3B-F8A5-CCDF2F8B7846}" = Application Profiles "{655B9514-3963-490B-9EE1-431E80444889}" = Razer Tarantula "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM) "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10 "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10 "{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2 "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R) "{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM) 
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10 "{8236D2E9-2528-4C5C-ABA3-E0B8B657A297}" = BlackSite: Area 51 "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit "{841D4524-7950-4A4F-A4E6-931A1A2E201C}" = TMPGEnc 4.0 XPress "{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver "{85BEC8F6-9AA3-43FF-B56B-8276277137B3}" = Nero 10 Video TransitionPack 1 "{885F5AC6-4413-4D30-99A9-F4494BFA4923}" = Logitech Harmony Remote Software 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10 "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-0026-0000-0000-0000000FF1CE}" = Microsoft Expression Web 
"{90120000-0026-0407-0000-0000000FF1CE}" = Microsoft Expression Web MUI (German) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3 "{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM) "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10 "{95C3927C-C899-C5D8-0EA7-67895FC979B2}" = ccc-core-static "{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2 "{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3 "{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10 "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM) "{9CCB3527-C033-415C-88B6-27173B5E3592}" = Tron: Evolution "{A0B433B1-941D-46F5-AE59-286263534232}" = VMware vSphere Client 4.1 "{A70B0C7B-3527-4D53-A694-E9492ECE9EE1}" = Nero 10 Movie ThemePack 4 "{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch "{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch "{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller "{BBB7F293-12A9-821C-9409-013CD8E824EC}" = Application Profiles "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM) "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM) "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10 "{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5 
"{CCF298AF-9CE1-4B26-B251-486E98A34789}" = Windows 7 USB/DVD Download Tool "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86 "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM) "{DD238642-14C7-4D54-8BD7-FAD6DEA9999B}" = Nero 10 Movie ThemePack 3 "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player "{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10 "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10 "{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2 "{ED4B50B7-C06B-57FE-7985-AA83DDBEEEF5}" = Catalyst Control Center Graphics Previews Common "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10 "{EF3A4DAE-F16F-4AC1-87BB-FE00A784084F}" = Nero 10 PiP EffectPack 1 "{F01A9563-2A27-6ABC-2E04-03B7873DF7E0}" = Catalyst Control Center InstallProxy "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2 "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10 "{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM) "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM) "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10 "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10 "{FEEC7E5A-8C86-49B4-A9B1-1CAA79652592}_is1" = Baphomets Fluch - The Directors Cut Version 1.0.697 "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 
9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Alcatraz/DE-German_is1" = Alcatraz "ArgusMonitor" = ArgusMonitor "Astaro SSL VPN Client" = Astaro SSL VPN Client 1.7 "AutoGK" = Auto Gordian Knot 2.55 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "AviSynth" = AviSynth 2.5 "Biet-O-Matic v2.14.8" = Biet-O-Matic v2.14.8 "Call of Duty Black Ops GERMAN Uncut 1.00" = Call of Duty Black Ops GERMAN Uncut 1.00 "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Crysis WARHEAD(R)" = Crysis WARHEAD(R) "DUMeter3_is1" = DU Meter "ElsterFormular 2008 - 2009 2008-2009" = ElsterFormular 2008 - 2009 "ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular für Privatanwender "eMule" = eMule "ERUNT_is1" = ERUNT 1.1j "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50 "F.E.A.R. 2 Project Origin_is1" = F.E.A.R. 
2 Project Origin "Fallout New Vegas_is1" = Fallout New Vegas "Flatcast_is1" = Flatcast Viewer Plugin 5.2.2.454 "GFWL_{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2 "GPL Ghostscript 9.01" = GPL Ghostscript 9.01 "Homefront_is1" = Homefront "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{7729C083-48C3-4A0F-9692-30673AC856DB}" = ProSafe Plus Utility "InstallShield_{8A56A332-F833-45CF-9A20-6F3524054843}" = James Bond 007(TM) - Blood Stone "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver "InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch "InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein "JDownloader" = JDownloader "Marvell Miniport Driver" = Marvell Miniport Driver "Metro 2033_is1" = Metro 2033 "Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16) "PDF Blender" = PDF Blender "PrintKey2000" = PrintKey2000 "PROPLUS" = Microsoft Office Professional Plus 2007 "Serv-U_is1" = Serv-U 6.4 "Sokoban YASC - Yet Another Sokoban Clone_is1" = Sokoban YASC "Steam App 10" = Counter-Strike "TeamViewer 6" = TeamViewer 6 "TrafficMonitor" = TrafficMonitor 4.80 "VLC media player" = VLC media player 1.1.7 "VobSub" = VobSub v2.23 (Remove Only) "WebDesigner" = Microsoft Expression Web "Winamp" = Winamp "WinPcapInst" = WinPcap 4.1.2 "Wireshark" = Wireshark 1.4.4 "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in "WinSetupFromUSB" = WinSetupFromUSB ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12.04.2011 11:55:17 | Computer Name = BalloS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.4095, 
Zeitstempel: 0x4d852c62 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000222c2 ID des fehlerhaften Prozesses: 0x10e8 Startzeit der fehlerhaften Anwendung: 0x01cbf921dc63c54f Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 42c5c2b1-651d-11e0-8cb4-485b3961b490 Error - 12.04.2011 13:12:49 | Computer Name = BalloS-PC | Source = Application Hang | ID = 1002 Description = Programm DUMeter.exe, Version 5.4.3387.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 9e0 Startzeit: 01cbf934c68e71d7 Endzeit: 3 Anwendungspfad: C:\PROGRA~2\DU Meter\DUMeter.exe Berichts-ID: 128a4865-6528-11e0-8cb4-485b3961b490 Error - 12.04.2011 13:14:53 | Computer Name = BalloS-PC | Source = Application Hang | ID = 1002 Description = Programm DUMeter.exe, Version 5.4.3387.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1618 Startzeit: 01cbf934de3db7ff Endzeit: 2 Anwendungspfad: C:\PROGRA~2\DU Meter\DUMeter.exe Berichts-ID: 603c7d32-6528-11e0-8cb4-485b3961b490 Error - 13.04.2011 00:31:48 | Computer Name = BalloS-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero SoundTrax\NFD\NFD.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NFD,type="win32",version="5.2.0.0". 
Definition: NFD,type="win32",version="5.0.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 13.04.2011 00:31:48 | Computer Name = BalloS-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NMDllHost.exe.Manifest". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Nero\Nero 10\Nero WaveEditor\NScCoreComponents\NScCoreComponents.MANIFEST" in Zeile 3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: NScCoreComponents,type="win32",version="5.3.2.0". Definition: NScCoreComponents,type="win32",version="5.3.0.0". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 13.04.2011 00:32:49 | Computer Name = BalloS-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "d:\wolfenstein\MP\ServerLauncher.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 13.04.2011 02:23:07 | Computer Name = BalloS-PC | Source = WinVNC4 | ID = 1 Description = SDisplay: clipboard: OpenClipboard(getText): Zugriff verweigert (5) Error - 13.04.2011 02:23:50 | Computer Name = BalloS-PC | Source = WinVNC4 | ID = 1 Description = SDisplay: clipboard: OpenClipboard(getText): Zugriff verweigert (5) Error - 13.04.2011 02:30:44 | Computer Name = BalloS-PC | Source = WinVNC4 | ID = 1 Description = SDisplay: clipboard: OpenClipboard(getText): Zugriff verweigert (5) Error - 13.04.2011 02:40:42 | Computer Name = BalloS-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Au_.exe, Version: 0.0.0.0, Zeitstempel: 0x4b1ae3c1 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc00000fd Fehleroffset: 0x0002e02e ID des fehlerhaften Prozesses: 0xd14 Startzeit der fehlerhaften Anwendung: 0x01cbf9a5ae13424f Pfad der fehlerhaften Anwendung: C:\Users\BalloS\AppData\Local\Temp\~nsu.tmp\Au_.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: f3a3538a-6598-11e0-a7f5-485b3961b490 [ System Events ] Error - 18.01.2011 13:14:26 | Computer Name = BalloS-PC | Source = atapi | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort3 gefunden. Error - 18.01.2011 13:14:26 | Computer Name = BalloS-PC | Source = Disk | ID = 262159 Description = Das Gerät \Device\Harddisk1\DR1 ist für den Zugriff noch nicht bereit. Error - 18.01.2011 13:42:58 | Computer Name = BalloS-PC | Source = VDS Basic Provider | ID = 33554433 Description = Error - 18.01.2011 13:43:35 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. 
Error - 20.01.2011 18:51:51 | Computer Name = BalloS-PC | Source = DCOM | ID = 10010 Description = Error - 20.01.2011 18:52:04 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error - 21.01.2011 09:18:31 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error - 21.01.2011 10:02:39 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error - 21.01.2011 19:13:48 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error - 22.01.2011 21:04:26 | Computer Name = BalloS-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Apache2.2" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. < End of report > |
13.04.2011, 12:14 | #3 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Huge amounts of upload -> virus/trojan? Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes under the Logs tab.
__________________ |
13.04.2011, 12:22 | #4 |
| Huge amounts of upload -> virus/trojan? I already knew that from browsing around here. The scan has just finished: Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6350
Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514
13.04.2011 13:10:43
mbam-log-2011-04-13 (13-10-43).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 336756
Laufzeit: 27 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Does it make sense to have the other partitions scanned as well? Would a quick scan be enough for that? |
13.04.2011, 12:51 | #5 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Huge amounts of upload -> virus/trojan? No, please run full scans. Quote:
__________________ Please always post log files in CODE tags |
13.04.2011, 12:57 | #6 |
| Huge amounts of upload -> virus/trojan? No idea. It doesn't come from me. DuMeter also shows me lots of connections to that address with different ports in its connection list. Code:
Program | Local Address & Port | Remote Address & Port | Connection State
 | validation.sls.microsoft.com:5357 | validation.sls.microsoft.com:59023 | TIME_WAIT
 | validation.sls.microsoft.com:5357 | validation.sls.microsoft.com:59024 | TIME_WAIT
TeamViewer6 | validation.sls.microsoft.com:49157 | validation.sls.microsoft.com:49158 | ESTABLISHED
TeamViewer6 | validation.sls.microsoft.com:49158 | validation.sls.microsoft.com:49157 | ESTABLISHED
firefox.exe | validation.sls.microsoft.com:49201 | validation.sls.microsoft.com:49202 | ESTABLISHED
firefox.exe | validation.sls.microsoft.com:49202 | validation.sls.microsoft.com:49201 | ESTABLISHED
firefox.exe | validation.sls.microsoft.com:49203 | validation.sls.microsoft.com:49204 | ESTABLISHED
firefox.exe | validation.sls.microsoft.com:49204 | validation.sls.microsoft.com:49203 | ESTABLISHED
TeamViewer6 | BalloS-PC.fritz.box:http(80) | 193.106.175.184:44979 | SYN_RCVD
winvnc4.exe | BalloS-PC.fritz.box:5900 | p5098dcd3.dip0.t-ipconnect.de:2344 | ESTABLISHED
jucheck.exe | BalloS-PC.fritz.box:49934 | a92-122-207-162.deploy.akamaitechnologies.com:http(80) | CLOSE_WAIT
TeamViewer6 | BalloS-PC.fritz.box:55814 | 227.208.81.95.chtts.ru:5938 | ESTABLISHED
 | BalloS-PC.fritz.box:58971 | fx-in-f101.1e100.net:http(80) | TIME_WAIT
 | BalloS-PC.fritz.box:59022 | fritz.box:49000 | TIME_WAIT
|
13.04.2011, 13:07 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Huge amounts of upload -> virus/trojan? Validation check means that MS checks whether your Windows is legal or pirated. So tell us quite honestly which source this Windows installation comes from.
__________________ Please always post log files in CODE tags |
13.04.2011, 13:11 | #8 |
| Huge amounts of upload -> virus/trojan? It is an original version of Windows 7 64-bit. I got it at a reduced price through my company. It was installed by a colleague, who then handed the finished PC over to me. I didn't know there was such an entry in the hosts file, since, as I said, Firefox etc. also apparently access that address. So it wouldn't make any sense for it to point to localhost. All Windows updates also work without problems. There has never been any kind of error message saying that the version is not genuine. |
13.04.2011, 13:19 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Huge amounts of upload -> virus/trojan? Please download WVCheck from Artellos.com
__________________ Please always post log files in CODE tags |
13.04.2011, 13:38 | #10 |
| Huge amounts of upload -> virus/trojan? Code:
Windows Validation Check
Version: 1.9.12.5
Log Created On: 1435_13-04-2011
-----------------------
Windows Information
-----------------------
Windows Version: Windows 7 Service Pack 1
Windows Mode: Normal
Systemroot Path: C:\Windows
WVCheck's Auto Update Check
-----------------------
Auto-Update Option: Download updates automatically, but ask me when I want to install them.
-----------------------
Last Success Time for Update Detection: 2011-04-13 08:33:43
Last Success Time for Update Download: 2011-04-13 08:37:51
Last Success Time for Update Installation: 2011-04-13 08:43:21
WVCheck's Registry Check Check
-----------------------
Antiwpa: Not Found
-----------------------
Chew7Hale: Not Found
-----------------------
WVCheck's File Dump
-----------------------
WVCheck found no known bad files.
WVCheck's Dir Dump
-----------------------
WVCheck found no known bad directories.
WVCheck's Missing File Check
-----------------------
WVCheck found no missing Windows files.
WVCheck's MBAM Quarantine Check
-----------------------
There were no bad files quarantined by MBAM.
WVCheck's HOSTS File Check
-----------------------
Line: 127.0.0.1 validation.sls.microsoft.com
Matched: *microsoft.com*
-----------------------
WVCheck's MD5 Check EXPERIMENTAL!!
-----------------------
user32.dll - 5e0db2d8b2750543cd2ebb9ea8e6cdd3
-------- End of File, program close at 1435_13-04-2011 --------
|
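The HOSTS file finding in the WVCheck log above ties back to the connection list posted earlier; the following is an added example, not part of any post in this thread and not WVCheck's own code. It parses a hosts file, flags vendor names pinned to a local address (using the `*microsoft.com*` pattern the log reports), and marks connection rows whose two endpoints both carry such a name as loopback traffic. The function names are hypothetical, the hosts text is constructed around the one line quoted in the log, and it assumes the monitor labels 127.0.0.1 with the name the hosts file gives it.

```python
import fnmatch
import ipaddress

# Constructed sample: comments, a normal localhost entry, and the one line
# that WVCheck reported in this thread.
SAMPLE_HOSTS = """\
# Sample hosts file (constructed)
#   127.0.0.1       localhost
#   ::1             localhost
127.0.0.1 localhost
127.0.0.1 validation.sls.microsoft.com   # line quoted in the WVCheck log
"""

# Rows copied from the connection table posted in the thread:
# (program, local endpoint, remote endpoint, state)
SAMPLE_CONNECTIONS = [
    ("TeamViewer6", "validation.sls.microsoft.com:49157",
     "validation.sls.microsoft.com:49158", "ESTABLISHED"),
    ("firefox.exe", "validation.sls.microsoft.com:49201",
     "validation.sls.microsoft.com:49202", "ESTABLISHED"),
    ("winvnc4.exe", "BalloS-PC.fritz.box:5900",
     "p5098dcd3.dip0.t-ipconnect.de:2344", "ESTABLISHED"),
    ("TeamViewer6", "BalloS-PC.fritz.box:55814",
     "227.208.81.95.chtts.ru:5938", "ESTABLISHED"),
]

BENIGN = {"localhost"}  # names that are expected to map to loopback


def parse_hosts(text):
    """Return (line number, address, lower-cased name) for every mapping."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address, so not a mapping line
        for name in fields[1:]:
            entries.append((lineno, addr, name.lower()))
    return entries


def sinkholed_names(entries, patterns=("*microsoft.com*",)):
    """Names matching a watched pattern that resolve to this machine."""
    hits = []
    for lineno, addr, name in entries:
        points_home = addr.is_loopback or addr.is_unspecified
        watched = any(fnmatch.fnmatchcase(name, p) for p in patterns)
        if points_home and watched and name not in BENIGN:
            hits.append((lineno, str(addr), name))
    return hits


def loopback_aliases(entries):
    """Non-standard names that the hosts file maps to a loopback address."""
    return {name for _, addr, name in entries
            if addr.is_loopback and name not in BENIGN}


def classify(connections, aliases):
    """Tag each row 'loopback' when both endpoints carry a loopback alias."""
    tagged = []
    for program, local, remote, _state in connections:
        local_host = local.rpartition(":")[0].lower()
        remote_host = remote.rpartition(":")[0].lower()
        both_local = local_host in aliases and remote_host in aliases
        tagged.append((program, "loopback" if both_local else "network"))
    return tagged


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    for lineno, addr, name in sinkholed_names(parsed):
        print(f"hosts line {lineno}: {name} -> {addr}")
    for program, kind in classify(SAMPLE_CONNECTIONS, loopback_aliases(parsed)):
        print(f"{program}: {kind}")
```

Rows tagged `loopback` are inter-process traffic on the machine itself and do not count toward the upload volume; the rows tagged `network` are the ones to follow up.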
13.04.2011, 13:40 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Huge amounts of upload -> virus/trojan? Is Adobe CS5 genuine too? Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along!!!) Code:
:OTL
@Alternate Data Stream - 76 bytes -> C:\Users\BalloS\Documents\Bewerbungen:Roxio EMC Stream
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:319E7F0B
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\Shell\install\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Launcher.exe
O33 - MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AUTORUN.exe
O33 - MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\Shell - "" = AutoRun
O33 - MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\Shell\AutoRun\command - "" = H:\Autorun.exe
O4 - HKLM..\Run: [] File not found
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
13.04.2011, 13:52 | #12 |
| Huge amounts of upload -> virus/trojan? Adobe CS5 was a trial version of Adobe Dreamweaver CS5, whose trial period has already expired, though. Code:
ATTFilter All processes killed ========== OTL ========== ADS C:\Users\BalloS\Documents\Bewerbungen:Roxio EMC Stream deleted successfully. ADS C:\ProgramData\Temp:319E7F0B deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found. File H:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found. File H:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55640-d3aa-11df-82c4-806e6f6e6963}\ not found. File H:\SETUP.EXE not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1cc55641-d3aa-11df-82c4-806e6f6e6963}\ not found. File I:\Launcher.exe not found. 
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289cc7c0-e4d3-11df-ad15-806e6f6e6963}\ not found. File H:\AUTORUN.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{289cc7c1-e4d3-11df-ad15-806e6f6e6963}\ not found. File I:\Autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a841895-e41f-11df-b887-485b3961b490}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7a841895-e41f-11df-b887-485b3961b490}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7a841895-e41f-11df-b887-485b3961b490}\ not found. File H:\Autorun.exe not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. 
HOSTS file reset successfully [EMPTYTEMP] User: All Users User: BalloS ->Temp folder emptied: 9226180 bytes ->Temporary Internet Files folder emptied: 673924 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 46872125 bytes ->Flash cache emptied: 692 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3566 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 54,00 mb OTL by OldTimer - Version 3.2.22.3 log created on 04132011_144543 Files\Folders moved on Reboot... C:\Users\BalloS\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\BalloS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{073FBA05-5F38-46D3-8EAB-57BE269BE07C}.tmp moved successfully. C:\Users\BalloS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4819B7E3-51ED-484B-B16B-9B6D5DF636F3}.tmp moved successfully. C:\Users\BalloS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9F050FA5-C944-4E67-A189-62710EA13371}.tmp moved successfully. File\Folder C:\Users\BalloS\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{DEA57802-155A-4061-B738-040B5B3DB195}.tmp not found! Registry entries deleted on Reboot... |
13.04.2011, 14:01 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Huge amounts of upload -> virus/trojan? Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html
__________________ Please always post log files in CODE tags |
13.04.2011, 14:07 | #14 |
| Huge amounts of upload -> virus/trojan? Code:
2011/04/13 15:04:54.0088 4732 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/13 15:04:54.0344 4732 ================================================================================
2011/04/13 15:04:54.0344 4732 SystemInfo:
2011/04/13 15:04:54.0344 4732
2011/04/13 15:04:54.0344 4732 OS Version: 6.1.7601 ServicePack: 1.0
2011/04/13 15:04:54.0344 4732 Product type: Workstation
2011/04/13 15:04:54.0344 4732 ComputerName: BALLOS-PC
2011/04/13 15:04:54.0345 4732 UserName: BalloS
2011/04/13 15:04:54.0345 4732 Windows directory: C:\Windows
2011/04/13 15:04:54.0345 4732 System windows directory: C:\Windows
2011/04/13 15:04:54.0345 4732 Running under WOW64
2011/04/13 15:04:54.0345 4732 Processor architecture: Intel x64
2011/04/13 15:04:54.0345 4732 Number of processors: 4
2011/04/13 15:04:54.0345 4732 Page size: 0x1000
2011/04/13 15:04:54.0345 4732 Boot type: Normal boot
2011/04/13 15:04:54.0345 4732 ================================================================================
2011/04/13 15:04:55.0675 4732 Initialize success
2011/04/13 15:05:02.0060 3976 ================================================================================
2011/04/13 15:05:02.0060 3976 Scan started
2011/04/13 15:05:02.0060 3976 Mode: Manual;
2011/04/13 15:05:02.0060 3976 ================================================================================
2011/04/13 15:05:09.0939 3976 sptd (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
2011/04/13 15:05:09.0939 3976 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
2011/04/13 15:05:09.0944 3976 sptd - detected Locked file (1)
2011/04/13 15:05:12.0462 3976 ================================================================================
2011/04/13 15:05:12.0462 3976 Scan finished
2011/04/13 15:05:12.0462 3976 ================================================================================
2011/04/13 15:05:12.0477 0632 Detected object count: 1
2011/04/13 15:05:29.0312 0632 Locked file(sptd) - User select action: Skip |
13.04.2011, 14:11 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Huge amounts of upload -> virus/trojan? Unremarkable. Code:
TeamViewer6 validation.sls.microsoft.com:49157 validation.sls.microsoft.com:49158 ESTABLISHED
TeamViewer6 validation.sls.microsoft.com:49158 validation.sls.microsoft.com:49157 ESTABLISHED
__________________ Please always post log files in CODE tags |