Internet slow, can't terminate firefox.exe! Malwarebytes says: Generic.Bot.H!

#0
22.11.2009, 17:06
Member

Posts: 20
#1 Hello dear forum,

I got Win7 Prof two weeks ago (as a system-builder version), pulled all the updates, installed avast! Antivirus and had no problems so far.
However, things have looked different for the past 2 days:

My computer now only gets extremely poor latency on the net (not just when gaming). At times it lags like crazy. I have now had a look myself and found in Task Manager that I permanently have a firefox.exe running. When I end it, a new one appears shortly afterwards.

I heard about HijackThis, downloaded it, scanned, and had the result rated with the online form, but right now I really have no idea what exactly it is showing me. 4 entries are apparently classified as harmful, but what exactly I have to do, or what is really harmful: no idea.

Here is the HijackThis logfile!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:02:59, on 22.11.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
I:\Programme\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
I:\Programme\Teamspeak2_RC2\TeamSpeak.exe
I:\Programme\Hamachi\hamachi.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [ctfmon] C:\Windows\system32\sndvol32.exe
O4 - HKCU\..\Policies\Explorer\Run: [ctfmon] C:\Windows\system32\sndvol32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Auswahl erfassen - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Auswahl erfassen - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Als HTML speichern - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Als HTML speichern - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Markierten Text speichern - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Markierten Text speichern - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9548 bytes

Hopefully someone can help me; it's barely bearable like this. Posting this thread will probably take half an eternity now... ;)
Many thanks in advance,
Robsen
This post was edited on 22.11.2009 at 17:45 by Robsen_Ponte.
22.11.2009, 17:40
Member

Thread starter

Posts: 20
#2 Oh, and: the entries that were classified as harmful are these:

O4 - HKLM\..\Policies\Explorer\Run: [ctfmon] C:\Windows\system32\sndvol32.exe
O4 - HKCU\..\Policies\Explorer\Run: [ctfmon] C:\Windows\system32\sndvol32.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

For the last two entries the following is written after them: "The alleged system process is not running in the System32 folder and is therefore to be classified as harmful. This service (lsass.exe) appears to be harmful.
Process is not running in the System32 folder!"

I just ran Malwarebytes over it and found two infections. I removed them and restarted the computer, but they were back again. Help please.... ;)

Malwarebytes logfile:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3213
Windows 6.1.7600

22.11.2009 17:45:42
mbam-log-2009-11-22 (17-45-42).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 21626
Laufzeit: 45 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ey0kat7-134k-ic08-40l8-6o0127s53167} (Generic.Bot.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\sndvol32.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
This post was edited on 22.11.2009 at 17:48 by Robsen_Ponte.
22.11.2009, 22:57
Moderator

Posts: 5694
#3 File check

Have the following file(s) (see code box) checked online at VirusTotal. To do so, you have to upload each file individually to VirusTotal via the "Browse" button and "Send file" and have it checked. Once VirusTotal has received the file, it will check it with several anti-virus scanners and display the results. If VirusTotal reports that the file has already been checked, have it checked again anyway via the "Analyse the file" button.

When the result is available, press the small "Filter" button at the top left above the results, then post the result here (no matter what it looks like, and also copy the lines with the name and size of the file, MD5 and SHA1). If you cannot find or upload the file(s), let us know that as well. If you cannot find the file(s), check whether the following settings are set correctly.

Code


C:\Windows\system32\sndvol32.exe
C:\Windows\system32\efssvc.dll


>>
4. RSIT (system details)


* Download Random's System Information Tool (RSIT) by random/random,

* save it to the desktop.

* Start RSIT.exe with a double-click.

* Click Continue to accept the terms of use.

* If you do not have HijackThis installed, RSIT will download and install it for you.

* In that case please also accept Trend Micro's terms of use for HJT: I accept.

* If your firewall asks, please allow RSIT to access the network.

* The scan starts automatically; RSIT now checks some important system areas and produces logfiles as a basis for analysis.

* When the scan has finished, two logfiles are created and opened in the text editor.

* Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt (= minimized) here
22.11.2009, 23:48
Member

Thread starter

Posts: 20
#4 Hey swisstreasure,

Many thanks for your efforts. But somehow the problem gave me no peace, and by googling I found a page where someone had a similar kind of infection. I followed their instructions and the firefox.exe problem is gone, the pings are okay at the moment too, and Malwarebytes doesn't find anything anymore either.

That I can no longer find either file (sndvol32.exe and efssvc.dll) in the system32 folder also suggests that everything is clean now, or what do you think?

So, as I said, I followed THIS guide:
http://www.spywareinfoforum.com/index.php?showtopic=125950

Nevertheless, here is my HijackThis log again, latest state:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:46:37, on 22.11.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
I:\Programme\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
I:\Programme\Teamspeak2_RC2\TeamSpeak.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Auswahl erfassen - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Auswahl erfassen - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Als HTML speichern - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Als HTML speichern - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Markierten Text speichern - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Markierten Text speichern - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O13 - Gopher Prefix:
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

So, what do you say to that? Should I run RSIT over it as well, or has my problem disappeared - or is it just better hidden?!?
;)

Regards,
robsen
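
Added example, not part of the original thread: a small Python triage script that compares the autostart entries of the two HijackThis logs posted above and flags the kind of entry Malwarebytes tied to Generic.Bot.H. The two heuristics (a value under `Policies\Explorer\Run`, which is normally populated only by Group Policy, and a value named after a Windows binary that launches a different file) and all function names are assumptions made for this illustration; the log excerpts are copied from the posts.

```python
import re
from ntpath import basename, splitext

# Excerpts copied from the two HijackThis logs in this thread
# (scan saved 17:02:59 and 23:46:37 on 22.11.2009), shortened to a few lines.
BEFORE = r"""
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKLM\..\Policies\Explorer\Run: [ctfmon] C:\Windows\system32\sndvol32.exe
O4 - HKCU\..\Policies\Explorer\Run: [ctfmon] C:\Windows\system32\sndvol32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
"""

AFTER = r"""
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "I:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
"""

# "O4 - <registry key>: [<value name>] <command line>"
O4_RE = re.compile(r"^O4 - (?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# Image path: either the quoted part, or everything up to the first ".exe".
IMAGE_RE = re.compile(r'^"(?P<q>[^"]+)"|^(?P<u>.*?\.exe)\b', re.IGNORECASE)
# Assumption: a short illustrative list of Windows binary names that
# autorun values are sometimes named after; not exhaustive.
SYSTEM_NAMES = {"ctfmon", "lsass", "svchost", "explorer", "winlogon", "userinit"}


def entries(log):
    """Return the section lines (R0, F2, O4, O23, ...) of a HijackThis log."""
    lines = (ln.strip() for ln in log.splitlines())
    return [ln for ln in lines if re.match(r"^[A-Z]\d{1,2} - ", ln)]


def image_stem(cmd):
    """Lower-cased file name, without extension, of the program a command starts."""
    m = IMAGE_RE.match(cmd)
    path = (m.group("q") or m.group("u")) if m else cmd
    return splitext(basename(path))[0].lower()


def flag_autoruns(log):
    """Return (line, reasons) for O4 entries that match either heuristic."""
    findings = []
    for line in entries(log):
        m = O4_RE.match(line)
        if not m:
            continue
        reasons = []
        # Heuristic 1: autostart through the Policies\Explorer\Run key.
        if m.group("key").lower().endswith(r"policies\explorer\run"):
            reasons.append("policy-run-key")
        # Heuristic 2: value is named like a system binary but runs another file.
        name = m.group("name").lower()
        if name in SYSTEM_NAMES and image_stem(m.group("cmd")) != name:
            reasons.append("name-mismatch")
        if reasons:
            findings.append((line, reasons))
    return findings


def diff_logs(before, after):
    """Entries that disappeared from, and entries that are new in, the later log."""
    b, a = entries(before), entries(after)
    removed = [ln for ln in b if ln not in a]
    added = [ln for ln in a if ln not in b]
    return removed, added


if __name__ == "__main__":
    for line, reasons in flag_autoruns(BEFORE):
        print("FLAG", ",".join(reasons), "|", line)
    removed, added = diff_logs(BEFORE, AFTER)
    for ln in removed:
        print("- ", ln)
    for ln in added:
        print("+ ", ln)
```

The diff only shows that the two `[ctfmon]` autostart values are no longer listed in the later log; it says nothing about autostart locations HijackThis does not enumerate.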
22.11.2009, 23:53
Moderator

Posts: 5694
#5 It is important that YOU, if YOU are already posting here, only do what you are told. Anything else makes no sense. What did you do then? Did you use Combofix?
23.11.2009, 00:20
Member

Thread starter

Posts: 20
#6 Yes, you're right. You are extremely quick with the solutions here, but it gave me no peace, which is why I dug my way through....

I didn't go on to use Combofix. After the CCleaner step it was over, since I didn't find anything anymore, or rather the problems are gone. Probably celebrated too early, right?
23.11.2009, 00:30
Moderator

Posts: 5694
#7 I can't say that yet.
Run RSIT and post the logs.

I can then read quite a bit more out of those ;)
23.11.2009, 00:41
Member

Thread starter

Posts: 20
#8 I did everything as described, but I get an error. When I run RSIT, the following comes up:

AutoIT Error
Line-1:
Error: Variable used without being declared.

It aborts and that's it....
23.11.2009, 11:12
Moderator

Posts: 5694
#9 Check system details with OTS by Oldtimer

Download OTS.exe and be sure to save it on your desktop. Start the installation by double-clicking OTS.exe; the program is unpacked/installed into its own folder named OTS on your desktop (Extract button).
• Close all applications including the browser.
• If your anti-virus program raises an alert about OTS, allow it.
• Open the OTS folder and double-click OTS.exe to start the program.
• Tick "Scan All Users".
• Click the "Run Scan" button at the top left to start the examination
(please do not change any settings without being instructed to).
• The program will check some details of your system and create a report of them; depending on the scope this can take a while.
Let the program scan in peace until it is finished.
Do not do anything else on the computer in the meantime.
• When the scan has been carried out (Scan complete!), the editor opens with the logfile.
• The logfile is saved under C:\Dokumente und Einstellungen\<Benutzername>\Desktop\OTS\OtS.Txt.
• Post the logfile here in the thread.
23.11.2009, 12:48
Member

Thread starter

Posts: 20
#10 [code]OTS logfile created on: 23.11.2009 12:26:24 - Run 1
OTS by OldTimer - Version 3.1.6.2 Folder = C:\Users\Robsen\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 3,14 Gb Available Physical Memory | 78,56% Memory free
4,00 Gb Paging File | 4,00 Gb Available in Paging File | 100,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 72,13 Gb Free Space | 73,94% Space Free | Partition Type: NTFS
Drive D: | 368,10 Gb Total Space | 368,00 Gb Free Space | 99,97% Space Free | Partition Type: NTFS
Drive E: | 36,93 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
Drive G: | 146,48 Gb Total Space | 146,39 Gb Free Space | 99,94% Space Free | Partition Type: NTFS
Drive H: | 97,83 Gb Total Space | 57,32 Gb Free Space | 58,59% Space Free | Partition Type: NTFS
Drive I: | 221,44 Gb Total Space | 178,78 Gb Free Space | 80,74% Space Free | Partition Type: NTFS

Computer Name: PHOENIX
Current User Name: Robsen
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Users\Robsen\Desktop\OTS.exe -> [2009.11.23 12:25:27 | 00,525,824 | ---- | M] (OldTimer Tools)
googlecrashhandler.exe -> C:\Program Files (x86)\Google\Update\1.2.183.13\GoogleCrashHandler.exe -> [2009.11.19 15:39:07 | 00,136,176 | ---- | M] (Google Inc.)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009.11.17 14:54:13 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009.09.27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation)
nvscpapisvr.exe -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009.09.27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation)
ashdisp.exe -> C:\Programme\Alwil Software\Avast4\ashDisp.exe -> [2009.09.15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Programme\Alwil Software\Avast4\ashServ.exe -> [2009.09.15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Programme\Alwil Software\Avast4\ashServ.exe -> [2009.09.15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Programme\Alwil Software\Avast4\ashServ.exe -> [2009.09.15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Programme\Alwil Software\Avast4\ashServ.exe -> [2009.09.15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Programme\Alwil Software\Avast4\ashServ.exe -> [2009.09.15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Programme\Alwil Software\Avast4\ashServ.exe -> [2009.09.15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software)
ashserv.exe -> C:\Programme\Alwil Software\Avast4\ashServ.exe -> [2009.09.15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software)
ashmaisv.exe -> C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -> [2009.09.15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software)
ashmaisv.exe -> C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -> [2009.09.15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software)
ashmaisv.exe -> C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -> [2009.09.15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software)
ashmaisv.exe -> C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -> [2009.09.15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software)
ashmaisv.exe -> C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -> [2009.09.15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software)
ashmaisv.exe -> C:\Programme\Alwil Software\Avast4\ashMaiSv.exe -> [2009.09.15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software)
ashwebsv.exe -> C:\Programme\Alwil Software\Avast4\ashWebSv.exe -> [2009.09.15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software)
aswupdsv.exe -> C:\Programme\Alwil Software\Avast4\aswUpdSv.exe -> [2009.09.15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software)

[Modules - Safe List]
ots.exe -> C:\Users\Robsen\Desktop\OTS.exe -> [2009.11.23 12:25:27 | 00,525,824 | ---- | M] (OldTimer Tools)
vssapi.dll -> C:\Windows\SysWOW64\vssapi.dll -> [2009.07.14 02:16:17 | 01,123,328 | ---- | M] (Microsoft Corporation)
vsstrace.dll -> C:\Windows\SysWOW64\vsstrace.dll -> [2009.07.14 02:16:17 | 00,056,320 | ---- | M] (Microsoft Corporation)
spp.dll -> C:\Windows\SysWOW64\spp.dll -> [2009.07.14 02:16:15 | 00,171,008 | ---- | M] (Microsoft Corporation)
srclient.dll -> C:\Windows\SysWOW64\srclient.dll -> [2009.07.14 02:16:15 | 00,043,008 | ---- | M] (Microsoft Corporation)
atl.dll -> C:\Windows\SysWOW64\atl.dll -> [2009.07.14 02:14:57 | 00,070,144 | ---- | M] (Microsoft Corporation)
comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009.07.14 02:03:50 | 01,680,896 | ---- | M] (Microsoft Corporation)

[Win32 Services - Safe List]
64bit-(avast! Antivirus) [Auto | Running] -> C:\Program Files\Alwil Software\Avast4\ashServ.exe -> [2009.09.15 12:56:43 | 00,138,680 | ---- | M] (ALWIL Software)
64bit-(avast! Mail Scanner) [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -> [2009.09.15 12:56:28 | 00,254,040 | ---- | M] (ALWIL Software)
64bit-(avast! Web Scanner) [On_Demand | Running] -> C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -> [2009.09.15 12:54:13 | 00,352,920 | ---- | M] (ALWIL Software)
64bit-(aswUpdSv) [Auto | Running] -> C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -> [2009.09.15 12:49:40 | 00,018,752 | ---- | M] (ALWIL Software)
64bit-(WwanSvc) [On_Demand | Stopped] -> C:\Windows\SysNative\wwansvc.dll -> [2009.07.14 02:41:59 | 00,229,888 | ---- | M] (Microsoft Corporation)
64bit-(WbioSrvc) [On_Demand | Stopped] -> C:\Windows\SysNative\wbiosrvc.dll -> [2009.07.14 02:41:56 | 00,202,240 | ---- | M] (Microsoft Corporation)
64bit-(UmRdpService) [On_Demand | Stopped] -> C:\Windows\SysNative\umrdp.dll -> [2009.07.14 02:41:56 | 00,195,072 | ---- | M] (Microsoft Corporation)
64bit-(Power) [Auto | Running] -> C:\Windows\SysNative\umpo.dll -> [2009.07.14 02:41:56 | 00,163,840 | ---- | M] (Microsoft Corporation)
64bit-(Themes) [Auto | Running] -> C:\Windows\SysNative\themeservice.dll -> [2009.07.14 02:41:55 | 00,044,544 | ---- | M] (Microsoft Corporation)
64bit-(sppuinotify) [On_Demand | Stopped] -> C:\Windows\SysNative\sppuinotify.dll -> [2009.07.14 02:41:54 | 00,065,536 | ---- | M] (Microsoft Corporation)
64bit-(SensrSvc) [On_Demand | Stopped] -> C:\Windows\SysNative\sensrsvc.dll -> [2009.07.14 02:41:54 | 00,029,184 | ---- | M] (Microsoft Corporation)
64bit-(StorSvc) [On_Demand | Stopped] -> C:\Windows\SysNative\StorSvc.dll -> [2009.07.14 02:41:54 | 00,017,920 | ---- | M] (Microsoft Corporation)
64bit-(PeerDistSvc) [On_Demand | Stopped] -> C:\Windows\SysNative\PeerDistSvc.dll -> [2009.07.14 02:41:53 | 01,361,920 | ---- | M] (Microsoft Corporation)
64bit-(PNRPsvc) [On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009.07.14 02:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation)
64bit-(p2pimsvc) [On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009.07.14 02:41:53 | 00,327,168 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupProvider) [On_Demand | Running] -> C:\Windows\SysNative\provsvc.dll -> [2009.07.14 02:41:53 | 00,187,904 | ---- | M] (Microsoft Corporation)
64bit-(RpcEptMapper) [Unknown | Running] -> C:\Windows\SysNative\RpcEpMap.dll -> [2009.07.14 02:41:53 | 00,067,072 | ---- | M] (Microsoft Corporation)
64bit-(PNRPAutoReg) [On_Demand | Stopped] -> C:\Windows\SysNative\pnrpauto.dll -> [2009.07.14 02:41:53 | 00,025,088 | ---- | M] (Microsoft Corporation)
64bit-(HomeGroupListener) [On_Demand | Running] -> C:\Windows\SysNative\ListSvc.dll -> [2009.07.14 02:41:18 | 00,231,936 | ---- | M] (Microsoft Corporation)
64bit-(FontCache) [On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009.07.14 02:40:54 | 01,127,936 | ---- | M] (Microsoft Corporation)
64bit-(Dhcp) [Auto | Running] -> C:\Windows\SysNative\dhcpcore.dll -> [2009.07.14 02:40:28 | 00,314,368 | ---- | M] (Microsoft Corporation)
64bit-(defragsvc) [On_Demand | Stopped] -> C:\Windows\SysNative\defragsvc.dll -> [2009.07.14 02:40:28 | 00,291,328 | ---- | M] (Microsoft Corporation)
64bit-(CscService) [Auto | Running] -> C:\Windows\SysNative\cscsvc.dll -> [2009.07.14 02:40:24 | 00,689,152 | ---- | M] (Microsoft Corporation)
64bit-(bthserv) [On_Demand | Stopped] -> C:\Windows\SysNative\bthserv.dll -> [2009.07.14 02:40:13 | 00,083,968 | ---- | M] (Microsoft Corporation)
64bit-(BDESVC) [Unknown | Stopped] -> C:\Windows\SysNative\bdesvc.dll -> [2009.07.14 02:40:10 | 00,100,864 | ---- | M] (Microsoft Corporation)
64bit-(AxInstSV) [On_Demand | Stopped] -> C:\Windows\SysNative\AxInstSv.dll -> [2009.07.14 02:40:05 | 00,114,688 | ---- | M] (Microsoft Corporation)
64bit-(AppMgmt) [On_Demand | Stopped] -> C:\Windows\SysNative\appmgmts.dll -> [2009.07.14 02:40:01 | 00,193,536 | ---- | M] (Microsoft Corporation)
64bit-(AppIDSvc) [On_Demand | Stopped] -> C:\Windows\SysNative\appidsvc.dll -> [2009.07.14 02:40:01 | 00,032,256 | ---- | M] (Microsoft Corporation)
64bit-(WMPNetworkSvc) [Auto | Running] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2009.07.14 02:39:56 | 01,525,248 | ---- | M] (Microsoft Corporation)
64bit-(wbengine) [On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2009.07.14 02:39:51 | 01,503,744 | ---- | M] (Microsoft Corporation)
64bit-(sppsvc) [Auto | Stopped] -> C:\Windows\SysNative\sppsvc.exe -> [2009.07.14 02:39:28 | 03,524,608 | ---- | M] (Microsoft Corporation)
64bit-(Fax) [On_Demand | Stopped] -> C:\Windows\SysNative\FXSSVC.exe -> [2009.07.14 02:39:11 | 00,689,152 | ---- | M] (Microsoft Corporation)
(gupdate) Google Update Service (gupdate) [Auto | Stopped] -> C:\Program Files (x86)\Google\Update\GoogleUpdate.exe -> [2009.11.19 15:39:06 | 00,135,664 | ---- | M] (Google Inc.)
(Stereo Service) NVIDIA Stereoscopic 3D Driver Service [Auto | Running] -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -> [2009.09.27 16:48:00 | 00,240,232 | ---- | M] (NVIDIA Corporation)
(VSS) Volumeschattenkopie [On_Demand | Stopped] -> C:\Windows\Vss -> [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
(ehRecvr) Windows Media Center-Empfängerdienst [On_Demand | Stopped] -> C:\Windows\ehome\ehrecvr.exe -> [2009.07.14 02:39:09 | 00,696,832 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center-Planerdienst [On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2009.07.14 02:39:09 | 00,127,488 | ---- | M] (Microsoft Corporation)
(HomeGroupProvider) Heimnetzgruppen-Anbieter [On_Demand | Running] -> C:\Windows\SysWOW64\provsvc.dll -> [2009.07.14 02:16:12 | 00,165,376 | ---- | M] (Microsoft Corporation)
(Dhcp) DHCP-Client [Auto | Running] -> C:\Windows\SysWOW64\dhcpcore.dll -> [2009.07.14 02:15:11 | 00,253,440 | ---- | M] (Microsoft Corporation)
(vds) Virtueller Datenträger [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2009.07.13 21:30:11 | 00,061,056 | ---- | M] ()
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2009.06.10 22:23:09 | 00,066,384 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009.06.10 21:39:58 | 00,089,920 | ---- | M] (Microsoft Corporation)
(FontCache3.0.0.0) Windows Presentation Foundation-Schriftartcache 3.0.0.0 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2009.06.10 21:30:59 | 00,042,840 | ---- | M] (Microsoft Corporation)
(idsvc) Windows CardSpace [Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2009.06.10 21:30:45 | 00,856,384 | ---- | M] (Microsoft Corporation)
(Microsoft Office Groove Audit Service) Microsoft Office Groove Audit Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe -> [2006.10.27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation)
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006.10.26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006.10.26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)

[Driver Services - Safe List]
64bit-(hamachi) Hamachi Network Interface [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\hamachi.sys -> [2009.11.15 00:00:44 | 00,033,344 | ---- | M] (LogMeIn, Inc.)
64bit-(atksgt) atksgt [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\atksgt.sys -> [2009.11.14 19:09:37 | 00,314,016 | ---- | M] ()
64bit-(lirsgt) lirsgt [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\lirsgt.sys -> [2009.11.14 19:09:36 | 00,043,680 | ---- | M] ()
64bit-(sptd) sptd [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\sptd.sys -> [2009.11.14 19:00:57 | 00,834,544 | ---- | M] ()
64bit-(aswSP) avast! Self Protection [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswSP.sys -> [2009.09.15 12:55:43 | 00,089,680 | ---- | M] (ALWIL Software)
64bit-(aswFsBlk) aswFsBlk [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2009.09.15 12:55:24 | 00,022,096 | ---- | M] (ALWIL Software)
64bit-(aswMonFlt) aswMonFlt [File_System | Auto | Running] -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2009.09.15 12:55:16 | 00,065,616 | ---- | M] (ALWIL Software)
64bit-(aswTdi) avast! Network Shield Support [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2009.09.15 12:54:34 | 00,059,472 | ---- | M] (ALWIL Software)
64bit-(aswRdr) aswRdr [Kernel | System | Running] -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2009.09.15 12:54:24 | 00,027,216 | ---- | M] (ALWIL Software)
64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009.07.14 02:52:21 | 00,106,576 | ---- | M] (Advanced Micro Devices)
64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009.07.14 02:52:21 | 00,028,752 | ---- | M] (Advanced Micro Devices)
64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009.07.14 02:52:20 | 00,194,128 | ---- | M] (AMD Technologies Inc.)
64bit-(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ksecpkg.sys -> [2009.07.14 02:48:04 | 00,153,152 | ---- | M] (Microsoft Corporation)
64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009.07.14 02:48:04 | 00,065,600 | ---- | M] (LSI Corporation)
64bit-(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\hwpolicy.sys -> [2009.07.14 02:48:04 | 00,014,416 | ---- | M] (Microsoft Corporation)
64bit-(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fsdepends.sys -> [2009.07.14 02:47:49 | 00,055,376 | ---- | M] (Microsoft Corporation)
64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009.07.14 02:47:48 | 00,077,888 | ---- | M] (Hewlett-Packard Company)
64bit-(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wimmount.sys -> [2009.07.14 02:45:56 | 00,022,096 | ---- | M] (Microsoft Corporation)
64bit-(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vhdmp.sys -> [2009.07.14 02:45:55 | 00,217,680 | ---- | M] (Microsoft Corporation)
64bit-(vmbus) Bus des virtuellen Computers [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vmbus.sys -> [2009.07.14 02:45:55 | 00,200,272 | ---- | M] (Microsoft Corporation)
64bit-(storflt) Filtertreiber zur Busbeschleunigung für den Datenträger des virtuellen Computers [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\vmstorfl.sys -> [2009.07.14 02:45:55 | 00,046,672 | ---- | M] (Microsoft Corporation)
64bit-(vdrvroot) Enumerator-Treiber für Microsoft Virtual Drive [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\vdrvroot.sys -> [2009.07.14 02:45:55 | 00,036,432 | ---- | M] (Microsoft Corporation)
64bit-(storvsc) storvsc [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\storvsc.sys -> [2009.07.14 02:45:55 | 00,034,896 | ---- | M] (Microsoft Corporation)
64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009.07.14 02:45:55 | 00,024,656 | ---- | M] (Promise Technology)
64bit-(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\rdyboost.sys -> [2009.07.14 02:45:46 | 00,214,096 | ---- | M] (Microsoft Corporation)
64bit-(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pcw.sys -> [2009.07.14 02:45:45 | 00,050,768 | ---- | M] (Microsoft Corporation)
64bit-(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\cng.sys -> [2009.07.14 02:43:14 | 00,460,504 | ---- | M] (Microsoft Corporation)
64bit-(fvevol) Filtertreiber der Bitlocker-Laufwerkverschlüsselung [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\fvevol.sys -> [2009.07.14 02:43:13 | 00,223,448 | ---- | M] (Microsoft Corporation)
64bit-(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\rdpbus.sys -> [2009.07.14 01:17:46 | 00,024,064 | ---- | M] (Microsoft Corporation)
64bit-(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\SysNative\drivers\RDPREFMP.sys -> [2009.07.14 01:16:35 | 00,008,192 | ---- | M] (Microsoft Corporation)
64bit-(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\agilevpn.sys -> [2009.07.14 01:10:24 | 00,060,416 | ---- | M] (Microsoft Corporation)
64bit-(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\wfplwf.sys -> [2009.07.14 01:09:26 | 00,012,800 | ---- | M] (Microsoft Corporation)
64bit-(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ndiscap.sys -> [2009.07.14 01:08:13 | 00,035,328 | ---- | M] (Microsoft Corporation)
64bit-(vwifibus) Virtueller WiFi-Bustreiber [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vwifibus.sys -> [2009.07.14 01:07:21 | 00,024,576 | ---- | M] (Microsoft Corporation)
64bit-(1394ohci) OHCI-konformer 1394-Hostcontroller [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\1394ohci.sys -> [2009.07.14 01:07:13 | 00,227,840 | ---- | M] (Microsoft Corporation)
64bit-(HdAudAddService) Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2009.07.14 01:07:00 | 00,350,208 | ---- | M] (Microsoft Corporation)
64bit-(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\umpass.sys -> [2009.07.14 01:06:52 | 00,009,728 | ---- | M] (Microsoft Corporation)
64bit-(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mshidkmdf.sys -> [2009.07.14 01:06:24 | 00,008,192 | ---- | M] (Microsoft Corporation)
64bit-(WudfPf) User Mode Driver Frameworks Platform Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\WUDFPf.sys -> [2009.07.14 01:05:37 | 00,112,128 | ---- | M] (Microsoft Corporation)
64bit-(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MTConfig.sys -> [2009.07.14 01:02:08 | 00,015,360 | ---- | M] (Microsoft Corporation)
64bit-(CompositeBus) Busenumeratortreiber für Verbundgeräte [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CompositeBus.sys -> [2009.07.14 01:00:34 | 00,038,912 | ---- | M] (Microsoft Corporation)
64bit-(Beep) Beep [Kernel | System | Running] -> C:\Windows\SysNative\drivers\beep.sys -> [2009.07.14 01:00:13 | 00,006,656 | ---- | M] (Microsoft Corporation)
64bit-(AppID) Anwendungs-ID-Treiber [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\appid.sys -> [2009.07.14 00:52:39 | 00,061,440 | ---- | M] (Microsoft Corporation)
64bit-(scfilter) Filtertreiber für Smartcards der Plug & Play-Klasse [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\scfilter.sys -> [2009.07.14 00:50:17 | 00,029,696 | ---- | M] (Microsoft Corporation)
64bit-(s3cap) s3cap [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vms3cap.sys -> [2009.07.14 00:42:58 | 00,006,656 | ---- | M] (Microsoft Corporation)
64bit-(VMBusHID) VMBusHID [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\VMBusHID.sys -> [2009.07.14 00:42:44 | 00,021,760 | ---- | M] (Microsoft Corporation)
64bit-(discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\SysNative\drivers\discache.sys -> [2009.07.14 00:37:18 | 00,040,448 | ---- | M] (Microsoft Corporation)
64bit-(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hidbatt.sys -> [2009.07.14 00:31:06 | 00,026,624 | ---- | M] (Microsoft Corporation)
64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\CmBatt.sys -> [2009.07.14 00:31:03 | 00,017,664 | ---- | M] (Microsoft Corporation)
64bit-(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\acpipmi.sys -> [2009.07.14 00:27:17 | 00,012,288 | ---- | M] (Microsoft Corporation)
64bit-(CSC) Treiber für Offlinedateien [Kernel | System | Running] -> C:\Windows\SysNative\drivers\csc.sys -> [2009.07.14 00:24:27 | 00,514,048 | ---- | M] (Microsoft Corporation)
64bit-(AmdPPM) AMD-Prozessortreiber [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\amdppm.sys -> [2009.07.14 00:19:25 | 00,060,928 | ---- | M] (Microsoft Corporation)
64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009.06.10 21:34:33 | 03,286,016 | ---- | M] (Broadcom Corporation)
64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009.06.10 21:34:28 | 00,468,480 | ---- | M] (Broadcom Corporation)
64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009.06.10 21:34:23 | 00,270,848 | ---- | M] (Broadcom Corporation)
64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009.06.10 21:31:59 | 00,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)
64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2009.03.01 23:05:32 | 00,187,392 | ---- | M] (Realtek Corporation )
64bit-(DgiVecp) DgiVecp [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\DgivEcp.sys -> [2009.02.05 06:20:10 | 00,053,816 | ---- | M] (Samsung Electronics Co., Ltd.)
64bit-(SSPORT) SSPORT [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\SSPORT.SYS -> [2008.01.03 22:40:42 | 00,011,576 | ---- | M] (Samsung Electronics)
(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009.07.14 02:19:10 | 00,019,008 | ---- | M] (Microsoft Corporation)
(NetBIOS) NetBIOS Interface [File_System | System | Running] -> C:\Windows\SysWOW64\netbios.dll -> [2009.07.14 02:16:02 | 00,014,336 | ---- | M] (Microsoft Corporation)
(mpsdrv) Windows-Firewallautorisierungstreiber [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2009.06.10 22:28:14 | 00,001,088 | ---- | M] ()
(Tcpip) TCP/IP-Protokolltreiber [Kernel | Boot | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2009.06.10 22:15:18 | 00,003,066 | ---- | M] ()
(DgiVecp) DgiVecp [Kernel | Auto | Running] -> C:\Windows\SysWOW64\DgivEcp.cat -> [2009.02.05 06:20:06 | 00,007,036 | ---- | M] ()
(CSC) Treiber für Offlinedateien [Kernel | System | Running] -> C:\Windows\CSC -> [2009.01.01 00:14:51 | 00,000,000 | ---D | M]
(SSPORT) SSPORT [Kernel | Auto | Running] -> C:\Windows\SysWOW64\SSPORT.CAT -> [2008.01.03 22:40:42 | 00,007,297 | ---- | M] ()

[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://go.microsoft.com/fwlink/?LinkId=69157 ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\] > -> ->
HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\: Main\\"Start Page" -> http://www.google.de/ ->
HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\: Main\\"Start Page Redirect Cache" -> http://de.msn.com/?ocid=iehp ->
HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\: Main\\"Start Page Redirect Cache AcceptLangs" -> de ->
HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\: Main\\"Start Page Redirect Cache_TIMESTAMP" -> CD 06 77 5E 4C 65 CA 01 [binary data] ->
HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\: "ProxyEnable" -> 0 ->
< FireFox Settings [Prefs.js] > -> C:\Users\Robsen\AppData\Roaming\Mozilla\FireFox\Profiles\e6d3ptx0.default\prefs.js ->
extensions.enabledItems -> {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.33.0 ->
extensions.enabledItems -> {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.5.5 ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8} -> C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX\ [C:\PROGRAM FILES (X86)\GOOGLE\GOOGLE GEARS\FIREFOX\] -> [2009.11.19 15:39:33 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009.11.14 18:24:05 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009.11.21 18:47:17 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\Robsen\AppData\Roaming\mozilla\Extensions -> [2009.11.14 18:24:08 | 00,000,000 | ---D | M]
-> C:\Users\Robsen\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009.11.14 18:24:08 | 00,000,000 | ---D | M]
-> C:\Users\Robsen\AppData\Roaming\mozilla\Firefox\Profiles\e6d3ptx0.default\extensions -> [2009.11.19 20:03:38 | 00,000,000 | ---D | M]
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009.11.23 08:35:32 | 00,000,000 | ---D | M]
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009.11.14 18:24:01 | 00,000,000 | ---D | M]
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} -> [2009.11.17 14:54:20 | 00,000,000 | ---D | M]
< FireFox Components [Program Folders] > ->
browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009.11.03 04:27:25 | 00,023,512 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009.11.03 04:27:25 | 00,137,176 | ---- | M] (Mozilla Foundation)
< HOSTS File > (824 bytes and 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [Groove GFS Browser Helper] -> [2006.10.27 00:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009.11.17 14:54:13 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} [HKLM] -> C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [Google Gears Helper] -> [2009.10.16 14:35:24 | 02,101,248 | ---- | M] (Google Inc.)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"avast!" -> C:\Program Files\Alwil Software\Avast4\ashDisp.exe ["C:\Program Files\Alwil Software\Avast4\ashDisp.exe"] -> [2009.09.15 12:56:48 | 00,081,000 | ---- | M] (ALWIL Software)
"GrooveMonitor" -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe ["C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"] -> [2006.10.27 00:47:42 | 00,031,016 | ---- | M] (Microsoft Corporation)
"Malwarebytes Anti-Malware (reboot)" -> C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe ["C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript] -> [2009.09.10 14:53:56 | 01,312,080 | ---- | M] (Malwarebytes Corporation)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009.11.17 14:54:13 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
"WinampAgent" -> C:\Program Files (x86)\Winamp\winampa.exe ["C:\Program Files (x86)\Winamp\winampa.exe"] -> [2009.07.01 17:37:06 | 00,037,888 | ---- | M] ()
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009.07.14 02:14:38 | 01,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009.07.14 02:14:38 | 01,173,504 | ---- | M] (Microsoft Corporation)
< RunOnce [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"mctadmin" -> C:\Windows\SysWow64\mctadmin.exe [C:\Windows\System32\mctadmin.exe] -> File not found
< Run [HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\] > -> HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"DAEMON Tools Lite" -> I:\Programme\DAEMON Tools Lite\DTLite.exe ["I:\Programme\DAEMON Tools Lite\DTLite.exe" -autorun] -> [2009.10.30 12:57:08 | 00,369,200 | ---- | M] (DT Soft Ltd)
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"NoActiveDesktopChanges" -> [1] -> File not found
\\"ForceActiveDesktopOn" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [0] -> File not found
\\"ConsentPromptBehaviorUser" -> [3] -> File not found
\\"EnableInstallerDetection" -> [1] -> File not found
\\"EnableLUA" -> [0] -> File not found
\\"EnableSecureUIAPaths" -> [1] -> File not found
\\"EnableUIADesktopToggle" -> [0] -> File not found
\\"EnableVirtualization" -> [1] -> File not found
\\"PromptOnSecureDesktop" -> [0] -> File not found
\\"ValidateAdminCodeSignatures" -> [0] -> File not found
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"FilterAdministratorToken" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001] > -> HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\] > -> HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\Software\Microsoft\Internet Explorer\MenuExt\ ->
SmarThru4 Als HTML speichern -> C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm [C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm] -> [2008.01.11 12:57:34 | 00,000,286 | ---- | M] ()
SmarThru4 Auswahl erfassen -> C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm [C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm] -> [2008.01.11 12:57:34 | 00,000,286 | ---- | M] ()
SmarThru4 Capture Selection -> C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm [C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm] -> [2008.01.11 12:57:34 | 00,000,286 | ---- | M] ()
SmarThru4 Markierten Text speichern -> C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm [C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm] -> [2008.01.11 12:57:34 | 00,000,282 | ---- | M] ()
SmarThru4 Save as HTML -> C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm [C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm] -> [2008.01.11 12:57:34 | 00,000,286 | ---- | M] ()
SmarThru4 Save Selected Text -> C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm [C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm] -> [2008.01.11 12:57:34 | 00,000,282 | ---- | M] ()
SmarThru4 Web Capture -> C:\Program Files (x86)\SmarThru 4\WebCapture.dll [C:\Program Files (x86)\SmarThru 4\WebCapture.dll] -> [2008.01.11 13:17:50 | 00,438,272 | ---- | M] ()
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\] > -> HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\Software\Microsoft\Internet Explorer\MenuExt\ ->
Nach Microsoft E&xel exportieren -> C:\Programme (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000] -> File not found
SmarThru4 Als HTML speichern -> C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm [C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm] -> [2008.01.11 12:57:34 | 00,000,286 | ---- | M] ()
SmarThru4 Auswahl erfassen -> C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm [C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm] -> [2008.01.11 12:57:34 | 00,000,286 | ---- | M] ()
SmarThru4 Capture Selection -> C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm [C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm] -> [2008.01.11 12:57:34 | 00,000,286 | ---- | M] ()
SmarThru4 Markierten Text speichern -> C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm [C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm] -> [2008.01.11 12:57:34 | 00,000,282 | ---- | M] ()
SmarThru4 Save as HTML -> C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm [C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm] -> [2008.01.11 12:57:34 | 00,000,286 | ---- | M] ()
SmarThru4 Save Selected Text -> C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm [C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm] -> [2008.01.11 12:57:34 | 00,000,282 | ---- | M] ()
SmarThru4 Web Capture -> C:\Program Files (x86)\SmarThru 4\WebCapture.dll [C:\Program Files (x86)\SmarThru 4\WebCapture.dll] -> [2008.01.11 13:17:50 | 00,438,272 | ---- | M] ()
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}:{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} [HKLM] -> C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [Menu: &Gears-Einstellungen] -> [2009.10.16 14:35:24 | 02,101,248 | ---- | M] (Google Inc.)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll [Button: An OneNote senden] -> [2006.10.26 20:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll [Menu: An OneNote s&enden] -> [2006.10.26 20:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL [Button: Research] -> [2006.10.26 20:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\] > -> HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\Software\Microsoft\Internet Explorer\Extensions\ ->
64bit-{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] -> File not found
{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
64bit-{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"ClsidExtension" [HKLM] -> [Reg Error: Key error.] -> File not found
{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"ClsidExtension" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] -> File not found
{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] -> File not found
{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"Icon" [HKLM] -> [Reg Error: Key error.] -> File not found
{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"Icon" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"MenuText" [HKLM] -> [Reg Error: Key error.] -> File not found
{5941A0E4-56C1-4a49-9B18-05762CAC5F9B}\\"MenuText" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] -> File not found
{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
64bit-{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"ClsidExtension" [HKLM] -> [Reg Error: Key error.] -> File not found
{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"ClsidExtension" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] -> File not found
{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] -> File not found
{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"Icon" [HKLM] -> [Reg Error: Key error.] -> File not found
{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"Icon" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"MenuText" [HKLM] -> [Reg Error: Key error.] -> File not found
{A07BFEF7-DD11-4937-B23B-E70C11D2EDF4}\\"MenuText" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] -> File not found
{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
64bit-{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"ClsidExtension" [HKLM] -> [Reg Error: Key error.] -> File not found
{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"ClsidExtension" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] -> File not found
{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] -> File not found
{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"Icon" [HKLM] -> [Reg Error: Key error.] -> File not found
{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"Icon" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"MenuText" [HKLM] -> [Reg Error: Key error.] -> File not found
{E753A93F-2367-4978-BFA0-83048C1E61CB}\\"MenuText" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] -> File not found
{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"ButtonText" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"CLSID" [HKLM] -> [{0000031A-0000-0000-C000-000000000046}] -> File not found
64bit-{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"ClsidExtension" [HKLM] -> [Reg Error: Key error.] -> File not found
{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"ClsidExtension" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] -> File not found
{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"Default Visible" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] -> File not found
{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"HotIcon" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"Icon" [HKLM] -> [Reg Error: Key error.] -> File not found
{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"Icon" [HKLM] -> [Reg Error: Key error.] -> File not found
64bit-{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"MenuText" [HKLM] -> [Reg Error: Key error.] -> File not found
{F1F53366-3E11-47ab-BF84-580C94F9C9AD}\\"MenuText" [HKLM] -> [Reg Error: Key error.] -> File not found
< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
PluginsPageFriendlyName -> Microsoft ActiveX Gallery ->
PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s ->
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\] > -> HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\] > -> HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-4084225017-3352838586-1887152963-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{1E54D648-B804-468d-BC78-4AFFED8E262F} [HKLM] -> http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab [System Requirements Lab Class] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 192.168.123.254 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{5C50AF53-34A0-4E76-80E8-B33BF76DCC4E}\\DhcpNameServer -> 192.168.123.254 (Realtek RTL8168B/8111B Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2009.08.03 07:17:37 | 02,868,224 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009.07.14 02:39:47 | 00,082,432 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009.08.03 06:35:50 | 02,613,248 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
SystemPropertiesPerformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009.07.14 02:14:42 | 00,081,920 | ---- | M] (Microsoft Corporation)
/pagefile -> -> File not found
*MultiFile Done* -> ->
< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad ->
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck] -> File not found
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL [Groove GFS Stub Execution Hook] -> [2006.10.27 00:48:42 | 02,210,608 | ---- | M] (Microsoft Corporation)
< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
pku2u -> C:\Windows\SysNative\pku2u.dll -> [2009.07.14 02:41:53 | 00,240,640 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages ->
pku2u -> C:\Windows\SysWow64\pku2u.dll -> [2009.07.14 02:16:12 | 00,186,880 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{010BD0CD-B8A4-4118-8294-D2491272A5F2} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{030E8877-539D-40D5-BA0F-72E36135FA48} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system |
{080E6A4C-B7FA-407A-BD50-489125B4536C} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system |
{0826C4F1-BB76-4418-AC17-0B160EB6D386} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system |
{0A5DB9D7-A365-4F4C-BE88-1CD33939141D} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{14501FA1-8C47-4F11-9A9F-DA0B352C6631} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{2C719142-F8AE-4F5B-8D46-7BA92799A294} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss |
{3294C729-F5C4-471E-A5BF-A51ACA4F3FFC} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system |
{34B53519-BF0B-4EA4-A9D1-E6AFED962F24} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system |
{6A9CA650-B532-4356-8017-8026B2CA1ABC} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system |
{6C3986DE-0A8A-4023-BF3C-E6C1934E6C17} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{6DDBF74A-3630-490E-8111-A25C29D24635} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler |
{71CD9503-9127-4E85-A19F-5372502908E4} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system |
{83E7CC90-83CC-491D-858F-3E9A4DE8047B} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{8C7C2008-21B9-493F-9293-2EAE270A996C} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system |
{8E2DE69D-AAD5-4FAC-AE22-16B86E695B9D} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{93958844-2AA3-456E-9C59-3CE11BCB55B7} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
{9668F94F-E33B-4006-844B-7BD203BC1515} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache |
{9BB73592-5901-4D0A-B608-F8CDBE47515D} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
{B375F2FD-1BBC-48B3-9632-7B83A1647039} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave |
{B6FA6129-3DAE-4FEB-AB5F-3A09BE94A466} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system |
{D0CB3DA8-1F21-4D05-9A9C-130794CAF493} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system |
{D5FB518A-0874-4145-8376-9433DA15D257} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system |
{F71904DC-8CF9-4B69-875D-419E413BCAAD} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv |
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{093FB2F3-DA8A-48C0-8D7D-3FB4139DE463} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe |
{0E17BD2E-EFAF-4276-A28A-F746E414AF5F} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{104D337D-5D62-4570-8F86-2A783F9EECC7} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{25BC9623-9B78-40E3-A01B-A2CC05D0CA4A} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{285DFA49-14F4-4C80-B8FA-2438F73870E2} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{28E22BAA-29E8-4B59-9368-4525D491C58E} -> profile=private | protocol=6 | dir=in | action=allow | name=relic downloader | app=h:\games\coh\relicdownloader\relicdownloader.exe |
{30B9E665-CBC0-496A-9BE9-878D813C5B53} -> profile=private | protocol=6 | dir=in | action=allow | name=anno 1404 web | app=h:\games\anno1404\tools\anno4web.exe |
{3AD85913-0D1A-477A-9AE3-2D3E128E7D83} -> profile=private | protocol=6 | dir=in | action=allow | name=company of heroes | app=h:\games\coh\reliccoh.exe |
{3EECFEC5-5B2A-4B5D-8814-CBAD5584C995} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe |
{45F48531-E003-4C84-A1E7-FAF26F93A36D} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe |
{473E13CD-5C29-4801-8379-E798AE9B9D32} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe |
{47F0BA49-E2B6-494A-AD66-D5E0457643D8} -> profile=private | protocol=6 | dir=in | action=allow | name=anno 1404 | app=h:\games\anno1404\anno4.exe |
{6579858C-01F7-4EEF-AC12-F4B603211E43} -> profile=private | protocol=17 | dir=in | action=allow | name=of dragon rising | app=h:\games\operationflashpoint2\ofdr.exe |
{6F8436A1-CD03-466B-AF22-A5C274A62E2D} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system |
{8594D01E-1E6B-4759-A8F2-0E1059B76D63} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 |
{886F11DE-42E6-40CE-B383-7586FBAD7DCE} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 |
{8CA77D09-9AAD-4A28-BB2E-10467DDE84C7} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 |
{8CE59D85-5BF2-481C-BE32-1C7993E0DCCC} -> profile=private | protocol=17 | dir=in | action=allow | name=relic downloader | app=h:\games\coh\relicdownloader\relicdownloader.exe |
{8D3CB0F6-3BD9-4D37-B096-C55A91734F2E} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe |
{91CE27A0-08F0-4A5C-A303-DF4FEECAE63E} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe |
{9F6F170F-0288-4D99-AE59-9EE42CF25D8B} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{A276D1EA-079C-49BA-8373-0168E731D6CB} -> profile=private | protocol=17 | dir=in | action=allow | name=anno 1404 | app=h:\games\anno1404\anno4.exe |
{AA4B87CD-FBB9-48DA-8498-4B09A66E1065} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost |
{AB311FBA-666F-43C1-B68C-43883FE556E2} -> profile=private | protocol=6 | dir=in | action=allow | name=of dragon rising | app=h:\games\operationflashpoint2\ofdr.exe |
{AD5D038F-9C13-4D7E-8055-0AD4A19A9893} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe |
{B9C101D6-6926-4668-8757-6269F582319B} -> profile=private | protocol=17 | dir=in | action=allow | name=anno 1404 web | app=h:\games\anno1404\tools\anno4web.exe |
{BAB96DC3-B29E-4108-8FE9-5B33233EA08B} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office groove | app=c:\program files (x86)\microsoft office\office12\groove.exe |
{CAEEA6A1-525C-46F9-8FF9-4285F21C0C5D} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe |
{E9304610-DD65-4A86-B507-5EC0593EC6B5} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe |
{EB274C32-EC8A-4E81-B818-F813DF80B625} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe |
{ECDD8392-1E5D-4614-977C-06EA0AFA16E1} -> profile=private | protocol=17 | dir=in | action=allow | name=company of heroes | app=h:\games\coh\reliccoh.exe |
{F3B2C44B-383D-4878-9063-4C39E008BBD6} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 |
{F3CF9BBB-E1CA-45DB-8907-7CB0098BE97D} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe |
TCP Query User{41A65BB6-0DFC-46E2-BE4B-4F547ECC7EED}C:\users\robsen\appdata\local\temp\afee0fc609c54655b13eccda7bef6415\relicdownloader.exe -> profile=private | protocol=6 | dir=in | action=allow | name=relicdownloader.exe | app=c:\users\robsen\appdata\local\temp\afee0fc609c54655b13eccda7bef6415\relicdownloader.exe |
TCP Query User{EBFE6F3C-AB2E-409B-8709-787EB5C6E853}C:\program files (x86)\mozilla firefox\firefox.exe -> profile=private | protocol=6 | dir=in | action=allow | name=firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe |
TCP Query User{FDB10C45-40D2-4705-9A8A-11A2E5087B95}H:\games\fifa10\fifa10.exe -> profile=private | protocol=6 | dir=in | action=allow | name=ltjmwavli | app=h:\games\fifa10\fifa10.exe |
UDP Query User{B0E27303-0B5C-4650-8EC6-0EC33371C77C}C:\program files (x86)\mozilla firefox\firefox.exe -> profile=private | protocol=17 | dir=in | action=allow | name=firefox | app=c:\program files (x86)\mozilla firefox\firefox.exe |
UDP Query User{C0A6C9EE-C66D-49AA-9CDB-3CBD985DC5DE}C:\users\robsen\appdata\local\temp\afee0fc609c54655b13eccda7bef6415\relicdownloader.exe -> profile=private | protocol=17 | dir=in | action=allow | name=relicdownloader.exe | app=c:\users\robsen\appdata\local\temp\afee0fc609c54655b13eccda7bef6415\relicdownloader.exe |
UDP Query User{C15A2A1A-A653-4937-9B77-13019228EBC0}H:\games\fifa10\fifa10.exe -> profile=private | protocol=17 | dir=in | action=allow | name=ltjmwavli | app=h:\games\fifa10\fifa10.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM-Laufwerktreiber ->
"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009.07.14 00:19:54 | 00,147,456 | ---- | M] (Microsoft Corporation)
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{c518b736-d147-11de-998f-001fd0af10b7}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c518b736-d147-11de-998f-001fd0af10b7}\shell
\{c518b736-d147-11de-998f-001fd0af10b7}\shell\\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c518b736-d147-11de-998f-001fd0af10b7}\shell\AutoRun\command
\{c518b736-d147-11de-998f-001fd0af10b7}\shell\AutoRun\command\\"" -> K:\autorun.exe [K:\autorun.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
64bit-comfile [open] -> "%1" %* -> File not found
64bit-exefile [open] -> "%1" %* -> File not found
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
23.11.2009, 12:49
Member

Thread starter

Posts: 20
#11 Second part:


[Files/Folders - Created Within 30 Days]
OTS.exe -> C:\Users\Robsen\Desktop\OTS.exe -> [2009.11.23 12:25:25 | 00,525,824 | ---- | C] (OldTimer Tools)
rsit -> C:\rsit -> [2009.11.23 00:34:50 | 00,000,000 | ---D | C]
CCleaner -> C:\Program Files (x86)\CCleaner -> [2009.11.22 18:02:52 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Users\Robsen\AppData\Roaming\Malwarebytes -> [2009.11.22 17:37:59 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2009.11.22 17:37:56 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009.11.22 17:37:55 | 00,022,104 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009.11.22 17:37:55 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2009.11.22 17:37:54 | 00,000,000 | ---D | C]
DoctorWeb -> C:\Users\Robsen\DoctorWeb -> [2009.11.22 17:20:22 | 00,000,000 | ---D | C]
Trend Micro -> C:\Program Files (x86)\Trend Micro -> [2009.11.22 16:52:52 | 00,000,000 | ---D | C]
Minidump -> C:\Windows\Minidump -> [2009.11.22 01:28:07 | 00,000,000 | ---D | C]
The Movies -> C:\Users\Robsen\Documents\The Movies -> [2009.11.19 20:11:09 | 00,000,000 | ---D | C]
Lionhead Studios -> C:\Users\Robsen\AppData\Roaming\Lionhead Studios -> [2009.11.19 20:11:09 | 00,000,000 | ---D | C]
Lionhead Studios -> C:\ProgramData\Lionhead Studios -> [2009.11.19 20:07:05 | 00,000,000 | ---D | C]
appmgmt -> C:\Windows\SysNative\appmgmt -> [2009.11.19 18:34:43 | 00,000,000 | ---D | C]
Google -> C:\Users\Robsen\AppData\Local\Google -> [2009.11.19 15:39:07 | 00,000,000 | ---D | C]
Google -> C:\Program Files (x86)\Google -> [2009.11.19 15:39:07 | 00,000,000 | ---D | C]
Microsoft Works -> C:\Program Files (x86)\Microsoft Works -> [2009.11.18 13:13:41 | 00,000,000 | ---D | C]
Microsoft Visual Studio -> C:\Program Files (x86)\Microsoft Visual Studio -> [2009.11.18 13:13:27 | 00,000,000 | ---D | C]
DESIGNER -> C:\Program Files (x86)\Common Files\DESIGNER -> [2009.11.18 13:13:26 | 00,000,000 | ---D | C]
PCHEALTH -> C:\Windows\PCHEALTH -> [2009.11.18 13:13:12 | 00,000,000 | ---D | C]
Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2009.11.18 13:13:12 | 00,000,000 | ---D | C]
Microsoft Office -> C:\Programme\Microsoft Office -> [2009.11.18 13:11:44 | 00,000,000 | ---D | C]
Microsoft Visual Studio 8 -> C:\Program Files (x86)\Microsoft Visual Studio 8 -> [2009.11.18 13:11:40 | 00,000,000 | ---D | C]
Microsoft Office -> C:\Program Files (x86)\Microsoft Office -> [2009.11.18 13:11:18 | 00,000,000 | ---D | C]
MSOCache -> C:\MSOCache -> [2009.11.18 13:09:02 | 00,000,000 | RH-D | C]
MSXML 4.0 -> C:\Program Files (x86)\MSXML 4.0 -> [2009.11.18 02:32:35 | 00,000,000 | ---D | C]
PX Storage Engine -> C:\Program Files (x86)\Common Files\PX Storage Engine -> [2009.11.17 16:17:45 | 00,000,000 | ---D | C]
Winamp -> C:\Users\Robsen\AppData\Roaming\Winamp -> [2009.11.17 16:17:44 | 00,000,000 | ---D | C]
Winamp -> C:\Program Files (x86)\Winamp -> [2009.11.17 16:17:44 | 00,000,000 | ---D | C]
SmarThru4 -> C:\Users\Robsen\AppData\Roaming\SmarThru4 -> [2009.11.17 15:12:41 | 00,000,000 | ---D | C]
SmarThruOptions.xml -> C:\Users\Robsen\AppData\Roaming\SmarThruOptions.xml -> [2009.11.17 15:12:39 | 00,011,366 | ---- | C] ()
DgivEcp.sys -> C:\Windows\SysNative\drivers\DgivEcp.sys -> [2009.11.17 15:12:37 | 00,053,816 | ---- | C] (Samsung Electronics Co., Ltd.)
ssdevm.dll -> C:\Windows\SysWow64\ssdevm.dll -> [2009.11.17 15:12:34 | 00,081,920 | ---- | C] (Samsung Electronics)
LTCLR13n.dll -> C:\Windows\SysWow64\LTCLR13n.dll -> [2009.11.17 15:12:33 | 01,693,696 | ---- | C] (LEAD Technologies, Inc.)
LTR13N.DLL -> C:\Windows\SysWow64\LTR13N.DLL -> [2009.11.17 15:12:33 | 00,931,840 | ---- | C] (LEAD Technologies, Inc.)
ltocx13n.ocx -> C:\Windows\SysWow64\ltocx13n.ocx -> [2009.11.17 15:12:33 | 00,760,320 | ---- | C] (LEAD Technologies, Inc.)
LTRVW13N.OCX -> C:\Windows\SysWow64\LTRVW13N.OCX -> [2009.11.17 15:12:33 | 00,533,504 | ---- | C] (LEAD Technologies, Inc.)
LTRPR13n.DLL -> C:\Windows\SysWow64\LTRPR13n.DLL -> [2009.11.17 15:12:33 | 00,465,920 | ---- | C] (LEAD Technologies, Inc.)
ltimg13n.dll -> C:\Windows\SysWow64\ltimg13n.dll -> [2009.11.17 15:12:33 | 00,445,440 | ---- | C] (LEAD Technologies, Inc.)
LFCMP13s.DLL -> C:\Windows\SysWow64\LFCMP13s.DLL -> [2009.11.17 15:12:33 | 00,406,016 | ---- | C] (LEAD Technologies, Inc.)
LFCMP13n.DLL -> C:\Windows\SysWow64\LFCMP13n.DLL -> [2009.11.17 15:12:33 | 00,389,120 | ---- | C] (LEAD Technologies, Inc.)
LTRIO13N.DLL -> C:\Windows\SysWow64\LTRIO13N.DLL -> [2009.11.17 15:12:33 | 00,326,144 | ---- | C] (LEAD Technologies, Inc.)
LTDIS13n.dll -> C:\Windows\SysWow64\LTDIS13n.dll -> [2009.11.17 15:12:33 | 00,265,216 | ---- | C] (LEAD Technologies, Inc.)
LFJ2K13s.dll -> C:\Windows\SysWow64\LFJ2K13s.dll -> [2009.11.17 15:12:33 | 00,249,856 | ---- | C] (LEAD Technologies, Inc.)
LFJ2K13n.dll -> C:\Windows\SysWow64\LFJ2K13n.dll -> [2009.11.17 15:12:33 | 00,246,272 | ---- | C] (LEAD Technologies, Inc.)
PCDLIB32.DLL -> C:\Windows\SysWow64\PCDLIB32.DLL -> [2009.11.17 15:12:33 | 00,212,480 | ---- | C] (Eastman Kodak)
ltefx13n.dll -> C:\Windows\SysWow64\ltefx13n.dll -> [2009.11.17 15:12:33 | 00,206,848 | ---- | C] (LEAD Technologies, Inc.)
Lfpng13s.dll -> C:\Windows\SysWow64\Lfpng13s.dll -> [2009.11.17 15:12:33 | 00,187,392 | ---- | C] (LEAD Technologies, Inc.)
Lfpng13n.dll -> C:\Windows\SysWow64\Lfpng13n.dll -> [2009.11.17 15:12:33 | 00,182,784 | ---- | C] (LEAD Technologies, Inc.)
Ltpnt13n.dll -> C:\Windows\SysWow64\Ltpnt13n.dll -> [2009.11.17 15:12:33 | 00,158,720 | ---- | C] (LEAD Technologies, Inc.)
lftif13s.dll -> C:\Windows\SysWow64\lftif13s.dll -> [2009.11.17 15:12:33 | 00,152,064 | ---- | C] (LEAD Technologies, Inc.)
lftif13n.dll -> C:\Windows\SysWow64\lftif13n.dll -> [2009.11.17 15:12:33 | 00,142,848 | ---- | C] (LEAD Technologies, Inc.)
LTOCR13n.dll -> C:\Windows\SysWow64\LTOCR13n.dll -> [2009.11.17 15:12:33 | 00,114,176 | ---- | C] (LEAD Technologies, Inc.)
lfjbg13s.dll -> C:\Windows\SysWow64\lfjbg13s.dll -> [2009.11.17 15:12:33 | 00,099,840 | ---- | C] (LEAD Technologies, Inc.)
lfjbg13n.dll -> C:\Windows\SysWow64\lfjbg13n.dll -> [2009.11.17 15:12:33 | 00,090,112 | ---- | C] (LEAD Technologies, Inc.)
lfpsd13s.dll -> C:\Windows\SysWow64\lfpsd13s.dll -> [2009.11.17 15:12:33 | 00,087,552 | ---- | C] (LEAD Technologies, Inc.)
lffax13s.dll -> C:\Windows\SysWow64\lffax13s.dll -> [2009.11.17 15:12:33 | 00,086,528 | ---- | C] (LEAD Technologies, Inc.)
LTTLB13n.dll -> C:\Windows\SysWow64\LTTLB13n.dll -> [2009.11.17 15:12:33 | 00,077,312 | ---- | C] (LEAD Technologies, Inc.)
lffax13n.dll -> C:\Windows\SysWow64\lffax13n.dll -> [2009.11.17 15:12:33 | 00,073,728 | ---- | C] (LEAD Technologies, Inc.)
ltbar13n.dll -> C:\Windows\SysWow64\ltbar13n.dll -> [2009.11.17 15:12:33 | 00,069,632 | ---- | C] (LEAD Technologies, Inc.)
ltpdg13n.dll -> C:\Windows\SysWow64\ltpdg13n.dll -> [2009.11.17 15:12:33 | 00,067,072 | ---- | C] (LEAD Technologies, Inc.)
lfeps13s.dll -> C:\Windows\SysWow64\lfeps13s.dll -> [2009.11.17 15:12:33 | 00,057,856 | ---- | C] (LEAD Technologies, Inc.)
lfpsd13n.dll -> C:\Windows\SysWow64\lfpsd13n.dll -> [2009.11.17 15:12:33 | 00,057,344 | ---- | C] (LEAD Technologies, Inc.)
lfeps13n.dll -> C:\Windows\SysWow64\lfeps13n.dll -> [2009.11.17 15:12:33 | 00,047,616 | ---- | C] (LEAD Technologies, Inc.)
lttwn13n.dll -> C:\Windows\SysWow64\lttwn13n.dll -> [2009.11.17 15:12:33 | 00,044,032 | ---- | C] (LEAD Technologies, Inc.)
LFPNM13s.dll -> C:\Windows\SysWow64\LFPNM13s.dll -> [2009.11.17 15:12:33 | 00,043,008 | ---- | C] (LEAD Technologies, Inc.)
lfbmp13s.dll -> C:\Windows\SysWow64\lfbmp13s.dll -> [2009.11.17 15:12:33 | 00,043,008 | ---- | C] (LEAD Technologies, Inc.)
lfiff13s.dll -> C:\Windows\SysWow64\lfiff13s.dll -> [2009.11.17 15:12:33 | 00,040,448 | ---- | C] (LEAD Technologies, Inc.)
lfpcx13s.dll -> C:\Windows\SysWow64\lfpcx13s.dll -> [2009.11.17 15:12:33 | 00,037,888 | ---- | C] (LEAD Technologies, Inc.)
lfclp13s.dll -> C:\Windows\SysWow64\lfclp13s.dll -> [2009.11.17 15:12:33 | 00,037,376 | ---- | C] (LEAD Technologies, Inc.)
lfani13s.dll -> C:\Windows\SysWow64\lfani13s.dll -> [2009.11.17 15:12:33 | 00,036,864 | ---- | C] (LEAD Technologies, Inc.)
lfitg13s.dll -> C:\Windows\SysWow64\lfitg13s.dll -> [2009.11.17 15:12:33 | 00,032,768 | ---- | C] (LEAD Technologies, Inc.)
lfimg13s.dll -> C:\Windows\SysWow64\lfimg13s.dll -> [2009.11.17 15:12:33 | 00,032,768 | ---- | C] (LEAD Technologies, Inc.)
lttmb13n.dll -> C:\Windows\SysWow64\lttmb13n.dll -> [2009.11.17 15:12:33 | 00,032,256 | ---- | C] (LEAD Technologies, Inc.)
lfpcd13s.dll -> C:\Windows\SysWow64\lfpcd13s.dll -> [2009.11.17 15:12:33 | 00,032,256 | ---- | C] (LEAD Technologies, Inc.)
lfmsp13s.dll -> C:\Windows\SysWow64\lfmsp13s.dll -> [2009.11.17 15:12:33 | 00,031,744 | ---- | C] (LEAD Technologies, Inc.)
lfclp13n.dll -> C:\Windows\SysWow64\lfclp13n.dll -> [2009.11.17 15:12:33 | 00,031,744 | ---- | C] (LEAD Technologies, Inc.)
lfavi13s.dll -> C:\Windows\SysWow64\lfavi13s.dll -> [2009.11.17 15:12:33 | 00,031,744 | ---- | C] (LEAD Technologies, Inc.)
LFPNM13n.dll -> C:\Windows\SysWow64\LFPNM13n.dll -> [2009.11.17 15:12:33 | 00,031,232 | ---- | C] (LEAD Technologies, Inc.)
lfbmp13n.dll -> C:\Windows\SysWow64\lfbmp13n.dll -> [2009.11.17 15:12:33 | 00,030,208 | ---- | C] (LEAD Technologies, Inc.)
lfiff13n.dll -> C:\Windows\SysWow64\lfiff13n.dll -> [2009.11.17 15:12:33 | 00,027,648 | ---- | C] (LEAD Technologies, Inc.)
lfpcx13n.dll -> C:\Windows\SysWow64\lfpcx13n.dll -> [2009.11.17 15:12:33 | 00,026,624 | ---- | C] (LEAD Technologies, Inc.)
lfani13n.dll -> C:\Windows\SysWow64\lfani13n.dll -> [2009.11.17 15:12:33 | 00,025,600 | ---- | C] (LEAD Technologies, Inc.)
lfimg13n.dll -> C:\Windows\SysWow64\lfimg13n.dll -> [2009.11.17 15:12:33 | 00,020,992 | ---- | C] (LEAD Technologies, Inc.)
lfpcd13n.dll -> C:\Windows\SysWow64\lfpcd13n.dll -> [2009.11.17 15:12:33 | 00,019,968 | ---- | C] (LEAD Technologies, Inc.)
lfitg13n.dll -> C:\Windows\SysWow64\lfitg13n.dll -> [2009.11.17 15:12:33 | 00,019,968 | ---- | C] (LEAD Technologies, Inc.)
lfavi13n.dll -> C:\Windows\SysWow64\lfavi13n.dll -> [2009.11.17 15:12:33 | 00,019,968 | ---- | C] (LEAD Technologies, Inc.)
lfmsp13n.dll -> C:\Windows\SysWow64\lfmsp13n.dll -> [2009.11.17 15:12:33 | 00,018,944 | ---- | C] (LEAD Technologies, Inc.)
ltdlg13n.dll -> C:\Windows\SysWow64\ltdlg13n.dll -> [2009.11.17 15:12:32 | 01,402,368 | ---- | C] (LEAD Technologies, Inc.)
Ltwvc13n.dll -> C:\Windows\SysWow64\Ltwvc13n.dll -> [2009.11.17 15:12:32 | 01,009,664 | ---- | C] (LEAD Technologies, Inc.)
ltkrn13n.dll -> C:\Windows\SysWow64\ltkrn13n.dll -> [2009.11.17 15:12:32 | 00,453,120 | ---- | C] (LEAD Technologies, Inc.)
ltfil13n.DLL -> C:\Windows\SysWow64\ltfil13n.DLL -> [2009.11.17 15:12:32 | 00,154,112 | ---- | C] (LEAD Technologies, Inc.)
Mfcoleui.dll -> C:\Windows\SysWow64\Mfcoleui.dll -> [2009.11.17 15:12:32 | 00,146,976 | ---- | C] (Microsoft Corporation)
msxml4r.dll -> C:\Windows\SysWow64\msxml4r.dll -> [2009.11.17 15:12:32 | 00,082,432 | ---- | C] (Microsoft Corporation)
ltlst13n.dll -> C:\Windows\SysWow64\ltlst13n.dll -> [2009.11.17 15:12:32 | 00,051,712 | ---- | C] (LEAD Technologies, Inc.)
SRC Shared -> C:\Program Files (x86)\Common Files\SRC Shared -> [2009.11.17 15:12:32 | 00,000,000 | ---D | C]
Readiris10 -> C:\Program Files (x86)\Readiris10 -> [2009.11.17 15:12:13 | 00,000,000 | ---D | C]
SmarThru 4 -> C:\Program Files (x86)\SmarThru 4 -> [2009.11.17 15:12:07 | 00,000,000 | ---D | C]
InstallShield -> C:\Program Files (x86)\Common Files\InstallShield -> [2009.11.17 15:11:56 | 00,000,000 | ---D | C]
SSPORT.SYS -> C:\Windows\SysNative\drivers\SSPORT.SYS -> [2009.11.17 15:10:56 | 00,011,576 | ---- | C] (Samsung Electronics)
Temp -> C:\Temp -> [2009.11.17 15:10:50 | 00,000,000 | ---D | C]
OpenOffice.org -> C:\Users\Robsen\AppData\Roaming\OpenOffice.org -> [2009.11.17 14:58:00 | 00,000,000 | ---D | C]
Regieassi IHK -> C:\Users\Robsen\Documents\Regieassi IHK -> [2009.11.17 14:57:32 | 00,000,000 | ---D | C]
OpenOffice.org 3 -> C:\Program Files (x86)\OpenOffice.org 3 -> [2009.11.17 14:54:38 | 00,000,000 | ---D | C]
deploytk.dll -> C:\Windows\SysWow64\deploytk.dll -> [2009.11.17 14:54:19 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.)
javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2009.11.17 14:54:19 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2009.11.17 14:54:19 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\Windows\SysWow64\java.exe -> [2009.11.17 14:54:18 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
Java -> C:\Program Files (x86)\Java -> [2009.11.17 14:54:11 | 00,000,000 | ---D | C]
Microsoft Help -> C:\Users\Robsen\AppData\Local\Microsoft Help -> [2009.11.16 16:58:12 | 00,000,000 | ---D | C]
Microsoft Help -> C:\ProgramData\Microsoft Help -> [2009.11.16 16:58:10 | 00,000,000 | ---D | C]
Hamachi -> C:\Users\Robsen\AppData\Roaming\Hamachi -> [2009.11.15 00:00:57 | 00,000,000 | ---D | C]
hamachi.sys -> C:\Windows\SysNative\drivers\hamachi.sys -> [2009.11.15 00:00:44 | 00,033,344 | ---- | C] (LogMeIn, Inc.)
XAudio2_2.dll -> C:\Windows\SysNative\XAudio2_2.dll -> [2009.11.14 23:41:53 | 00,513,544 | ---- | C] (Microsoft Corporation)
XAudio2_2.dll -> C:\Windows\SysWow64\XAudio2_2.dll -> [2009.11.14 23:41:53 | 00,509,448 | ---- | C] (Microsoft Corporation)
XAPOFX1_1.dll -> C:\Windows\SysNative\XAPOFX1_1.dll -> [2009.11.14 23:41:53 | 00,072,200 | ---- | C] (Microsoft Corporation)
XAPOFX1_1.dll -> C:\Windows\SysWow64\XAPOFX1_1.dll -> [2009.11.14 23:41:53 | 00,068,616 | ---- | C] (Microsoft Corporation)
D3DCompiler_39.dll -> C:\Windows\SysNative\D3DCompiler_39.dll -> [2009.11.14 23:41:52 | 01,942,552 | ---- | C] (Microsoft Corporation)
D3DCompiler_39.dll -> C:\Windows\SysWow64\D3DCompiler_39.dll -> [2009.11.14 23:41:52 | 01,493,528 | ---- | C] (Microsoft Corporation)
xactengine3_2.dll -> C:\Windows\SysWow64\xactengine3_2.dll -> [2009.11.14 23:41:52 | 00,238,088 | ---- | C] (Microsoft Corporation)
xactengine3_2.dll -> C:\Windows\SysNative\xactengine3_2.dll -> [2009.11.14 23:41:52 | 00,177,672 | ---- | C] (Microsoft Corporation)
d3dx10_39.dll -> C:\Windows\SysNative\d3dx10_39.dll -> [2009.11.14 23:41:51 | 00,540,688 | ---- | C] (Microsoft Corporation)
d3dx10_39.dll -> C:\Windows\SysWow64\d3dx10_39.dll -> [2009.11.14 23:41:51 | 00,467,984 | ---- | C] (Microsoft Corporation)
D3DX9_39.dll -> C:\Windows\SysNative\D3DX9_39.dll -> [2009.11.14 23:41:50 | 04,992,520 | ---- | C] (Microsoft Corporation)
D3DX9_39.dll -> C:\Windows\SysWow64\D3DX9_39.dll -> [2009.11.14 23:41:50 | 03,851,784 | ---- | C] (Microsoft Corporation)
teamspeak2 -> C:\Users\Robsen\AppData\Roaming\teamspeak2 -> [2009.11.14 23:30:01 | 00,000,000 | ---D | C]
lhacm.acm -> C:\Windows\SysWow64\lhacm.acm -> [2009.11.14 23:29:53 | 00,034,064 | ---- | C] (Microsoft Corporation)
FIFA 10 -> C:\Users\Robsen\Documents\FIFA 10 -> [2009.11.14 21:19:52 | 00,000,000 | ---D | C]
Leadertech -> C:\Users\Robsen\AppData\Roaming\Leadertech -> [2009.11.14 21:17:39 | 00,000,000 | ---D | C]
resmon.resmoncfg -> C:\Users\Robsen\AppData\Local\resmon.resmoncfg -> [2009.11.14 20:21:15 | 00,000,017 | ---- | C] ()
My Games -> C:\Users\Robsen\Documents\My Games -> [2009.11.14 19:43:55 | 00,000,000 | ---D | C]
Media Center Programs -> C:\ProgramData\Media Center Programs -> [2009.11.14 19:43:37 | 00,000,000 | ---D | C]
ftpcache -> C:\Windows\ftpcache -> [2009.11.14 19:25:57 | 00,000,000 | -HSD | C]
Anno 1404 -> C:\Users\Robsen\Documents\Anno 1404 -> [2009.11.14 19:20:35 | 00,000,000 | ---D | C]
Ubisoft -> C:\Users\Robsen\AppData\Roaming\Ubisoft -> [2009.11.14 19:12:44 | 00,000,000 | ---D | C]
WinRAR -> C:\Users\Robsen\AppData\Roaming\WinRAR -> [2009.11.14 19:11:04 | 00,000,000 | ---D | C]
D3DCompiler_41.dll -> C:\Windows\SysNative\D3DCompiler_41.dll -> [2009.11.14 19:09:35 | 02,430,312 | ---- | C] (Microsoft Corporation)
D3DCompiler_41.dll -> C:\Windows\SysWow64\D3DCompiler_41.dll -> [2009.11.14 19:09:35 | 01,846,632 | ---- | C] (Microsoft Corporation)
d3dx10_41.dll -> C:\Windows\SysNative\d3dx10_41.dll -> [2009.11.14 19:09:35 | 00,520,544 | ---- | C] (Microsoft Corporation)
d3dx10_41.dll -> C:\Windows\SysWow64\d3dx10_41.dll -> [2009.11.14 19:09:35 | 00,453,456 | ---- | C] (Microsoft Corporation)
D3DX9_41.dll -> C:\Windows\SysNative\D3DX9_41.dll -> [2009.11.14 19:09:34 | 05,425,496 | ---- | C] (Microsoft Corporation)
D3DX9_41.dll -> C:\Windows\SysWow64\D3DX9_41.dll -> [2009.11.14 19:09:34 | 04,178,264 | ---- | C] (Microsoft Corporation)
XAudio2_4.dll -> C:\Windows\SysNative\XAudio2_4.dll -> [2009.11.14 19:09:34 | 00,521,560 | ---- | C] (Microsoft Corporation)
XAudio2_4.dll -> C:\Windows\SysWow64\XAudio2_4.dll -> [2009.11.14 19:09:34 | 00,517,448 | ---- | C] (Microsoft Corporation)
xactengine3_4.dll -> C:\Windows\SysWow64\xactengine3_4.dll -> [2009.11.14 19:09:34 | 00,235,352 | ---- | C] (Microsoft Corporation)
xactengine3_4.dll -> C:\Windows\SysNative\xactengine3_4.dll -> [2009.11.14 19:09:34 | 00,174,936 | ---- | C] (Microsoft Corporation)
XAPOFX1_3.dll -> C:\Windows\SysNative\XAPOFX1_3.dll -> [2009.11.14 19:09:34 | 00,073,544 | ---- | C] (Microsoft Corporation)
XAPOFX1_3.dll -> C:\Windows\SysWow64\XAPOFX1_3.dll -> [2009.11.14 19:09:34 | 00,069,448 | ---- | C] (Microsoft Corporation)
X3DAudio1_6.dll -> C:\Windows\SysNative\X3DAudio1_6.dll -> [2009.11.14 19:09:34 | 00,024,920 | ---- | C] (Microsoft Corporation)
X3DAudio1_6.dll -> C:\Windows\SysWow64\X3DAudio1_6.dll -> [2009.11.14 19:09:34 | 00,022,360 | ---- | C] (Microsoft Corporation)
D3DX9_40.dll -> C:\Windows\SysNative\D3DX9_40.dll -> [2009.11.14 19:09:33 | 05,631,312 | ---- | C] (Microsoft Corporation)
D3DX9_40.dll -> C:\Windows\SysWow64\D3DX9_40.dll -> [2009.11.14 19:09:33 | 04,379,984 | ---- | C] (Microsoft Corporation)
D3DCompiler_40.dll -> C:\Windows\SysNative\D3DCompiler_40.dll -> [2009.11.14 19:09:33 | 02,605,920 | ---- | C] (Microsoft Corporation)
D3DCompiler_40.dll -> C:\Windows\SysWow64\D3DCompiler_40.dll -> [2009.11.14 19:09:33 | 02,036,576 | ---- | C] (Microsoft Corporation)
d3dx10_40.dll -> C:\Windows\SysNative\d3dx10_40.dll -> [2009.11.14 19:09:33 | 00,519,000 | ---- | C] (Microsoft Corporation)
d3dx10_40.dll -> C:\Windows\SysWow64\d3dx10_40.dll -> [2009.11.14 19:09:33 | 00,452,440 | ---- | C] (Microsoft Corporation)
XAudio2_3.dll -> C:\Windows\SysNative\XAudio2_3.dll -> [2009.11.14 19:09:32 | 00,518,480 | ---- | C] (Microsoft Corporation)
XAudio2_3.dll -> C:\Windows\SysWow64\XAudio2_3.dll -> [2009.11.14 19:09:32 | 00,514,384 | ---- | C] (Microsoft Corporation)
xactengine3_3.dll -> C:\Windows\SysWow64\xactengine3_3.dll -> [2009.11.14 19:09:32 | 00,235,856 | ---- | C] (Microsoft Corporation)
xactengine3_3.dll -> C:\Windows\SysNative\xactengine3_3.dll -> [2009.11.14 19:09:32 | 00,175,440 | ---- | C] (Microsoft Corporation)
XAPOFX1_2.dll -> C:\Windows\SysNative\XAPOFX1_2.dll -> [2009.11.14 19:09:32 | 00,074,576 | ---- | C] (Microsoft Corporation)
XAPOFX1_2.dll -> C:\Windows\SysWow64\XAPOFX1_2.dll -> [2009.11.14 19:09:32 | 00,070,992 | ---- | C] (Microsoft Corporation)
X3DAudio1_5.dll -> C:\Windows\SysNative\X3DAudio1_5.dll -> [2009.11.14 19:09:32 | 00,025,936 | ---- | C] (Microsoft Corporation)
X3DAudio1_5.dll -> C:\Windows\SysWow64\X3DAudio1_5.dll -> [2009.11.14 19:09:32 | 00,023,376 | ---- | C] (Microsoft Corporation)
XAudio2_1.dll -> C:\Windows\SysNative\XAudio2_1.dll -> [2009.11.14 19:09:30 | 00,511,496 | ---- | C] (Microsoft Corporation)
XAudio2_1.dll -> C:\Windows\SysWow64\XAudio2_1.dll -> [2009.11.14 19:09:30 | 00,507,400 | ---- | C] (Microsoft Corporation)
xactengine3_1.dll -> C:\Windows\SysWow64\xactengine3_1.dll -> [2009.11.14 19:09:30 | 00,238,088 | ---- | C] (Microsoft Corporation)
xactengine3_1.dll -> C:\Windows\SysNative\xactengine3_1.dll -> [2009.11.14 19:09:30 | 00,177,672 | ---- | C] (Microsoft Corporation)
XAPOFX1_0.dll -> C:\Windows\SysNative\XAPOFX1_0.dll -> [2009.11.14 19:09:30 | 00,068,104 | ---- | C] (Microsoft Corporation)
XAPOFX1_0.dll -> C:\Windows\SysWow64\XAPOFX1_0.dll -> [2009.11.14 19:09:30 | 00,065,032 | ---- | C] (Microsoft Corporation)
X3DAudio1_4.dll -> C:\Windows\SysNative\X3DAudio1_4.dll -> [2009.11.14 19:09:30 | 00,028,168 | ---- | C] (Microsoft Corporation)
X3DAudio1_4.dll -> C:\Windows\SysWow64\X3DAudio1_4.dll -> [2009.11.14 19:09:30 | 00,025,608 | ---- | C] (Microsoft Corporation)
D3DX9_38.dll -> C:\Windows\SysNative\D3DX9_38.dll -> [2009.11.14 19:09:29 | 04,991,496 | ---- | C] (Microsoft Corporation)
D3DX9_38.dll -> C:\Windows\SysWow64\D3DX9_38.dll -> [2009.11.14 19:09:29 | 03,850,760 | ---- | C] (Microsoft Corporation)
D3DCompiler_38.dll -> C:\Windows\SysNative\D3DCompiler_38.dll -> [2009.11.14 19:09:29 | 01,941,528 | ---- | C] (Microsoft Corporation)
D3DCompiler_38.dll -> C:\Windows\SysWow64\D3DCompiler_38.dll -> [2009.11.14 19:09:29 | 01,491,992 | ---- | C] (Microsoft Corporation)
d3dx10_38.dll -> C:\Windows\SysNative\d3dx10_38.dll -> [2009.11.14 19:09:29 | 00,540,688 | ---- | C] (Microsoft Corporation)
XAudio2_0.dll -> C:\Windows\SysNative\XAudio2_0.dll -> [2009.11.14 19:09:29 | 00,489,480 | ---- | C] (Microsoft Corporation)
XAudio2_0.dll -> C:\Windows\SysWow64\XAudio2_0.dll -> [2009.11.14 19:09:29 | 00,479,752 | ---- | C] (Microsoft Corporation)
d3dx10_38.dll -> C:\Windows\SysWow64\d3dx10_38.dll -> [2009.11.14 19:09:29 | 00,467,984 | ---- | C] (Microsoft Corporation)
D3DCompiler_37.dll -> C:\Windows\SysNative\D3DCompiler_37.dll -> [2009.11.14 19:09:28 | 01,860,120 | ---- | C] (Microsoft Corporation)
D3DCompiler_37.dll -> C:\Windows\SysWow64\D3DCompiler_37.dll -> [2009.11.14 19:09:28 | 01,420,824 | ---- | C] (Microsoft Corporation)
d3dx10_37.dll -> C:\Windows\SysNative\d3dx10_37.dll -> [2009.11.14 19:09:28 | 00,529,424 | ---- | C] (Microsoft Corporation)
d3dx10_37.dll -> C:\Windows\SysWow64\d3dx10_37.dll -> [2009.11.14 19:09:28 | 00,462,864 | ---- | C] (Microsoft Corporation)
xactengine3_0.dll -> C:\Windows\SysWow64\xactengine3_0.dll -> [2009.11.14 19:09:28 | 00,238,088 | ---- | C] (Microsoft Corporation)
xactengine3_0.dll -> C:\Windows\SysNative\xactengine3_0.dll -> [2009.11.14 19:09:28 | 00,177,672 | ---- | C] (Microsoft Corporation)
X3DAudio1_3.dll -> C:\Windows\SysNative\X3DAudio1_3.dll -> [2009.11.14 19:09:28 | 00,028,168 | ---- | C] (Microsoft Corporation)
X3DAudio1_3.dll -> C:\Windows\SysWow64\X3DAudio1_3.dll -> [2009.11.14 19:09:28 | 00,025,608 | ---- | C] (Microsoft Corporation)
D3DX9_37.dll -> C:\Windows\SysNative\D3DX9_37.dll -> [2009.11.14 19:09:27 | 04,910,088 | ---- | C] (Microsoft Corporation)
D3DX9_37.dll -> C:\Windows\SysWow64\D3DX9_37.dll -> [2009.11.14 19:09:27 | 03,786,760 | ---- | C] (Microsoft Corporation)
xactengine2_10.dll -> C:\Windows\SysNative\xactengine2_10.dll -> [2009.11.14 19:09:27 | 00,411,656 | ---- | C] (Microsoft Corporation)
xactengine2_10.dll -> C:\Windows\SysWow64\xactengine2_10.dll -> [2009.11.14 19:09:27 | 00,267,272 | ---- | C] (Microsoft Corporation)
D3DCompiler_36.dll -> C:\Windows\SysNative\D3DCompiler_36.dll -> [2009.11.14 19:09:26 | 02,006,552 | ---- | C] (Microsoft Corporation)
D3DCompiler_36.dll -> C:\Windows\SysWow64\D3DCompiler_36.dll -> [2009.11.14 19:09:26 | 01,374,232 | ---- | C] (Microsoft Corporation)
d3dx10_36.dll -> C:\Windows\SysNative\d3dx10_36.dll -> [2009.11.14 19:09:26 | 00,508,264 | ---- | C] (Microsoft Corporation)
d3dx10_36.dll -> C:\Windows\SysWow64\d3dx10_36.dll -> [2009.11.14 19:09:26 | 00,444,776 | ---- | C] (Microsoft Corporation)
d3dx9_36.dll -> C:\Windows\SysNative\d3dx9_36.dll -> [2009.11.14 19:09:25 | 05,081,608 | ---- | C] (Microsoft Corporation)
d3dx9_36.dll -> C:\Windows\SysWow64\d3dx9_36.dll -> [2009.11.14 19:09:25 | 03,734,536 | ---- | C] (Microsoft Corporation)
xactengine2_9.dll -> C:\Windows\SysNative\xactengine2_9.dll -> [2009.11.14 19:09:25 | 00,411,496 | ---- | C] (Microsoft Corporation)
xactengine2_9.dll -> C:\Windows\SysWow64\xactengine2_9.dll -> [2009.11.14 19:09:25 | 00,267,112 | ---- | C] (Microsoft Corporation)
d3dx9_35.dll -> C:\Windows\SysNative\d3dx9_35.dll -> [2009.11.14 19:09:24 | 05,073,256 | ---- | C] (Microsoft Corporation)
d3dx9_35.dll -> C:\Windows\SysWow64\d3dx9_35.dll -> [2009.11.14 19:09:24 | 03,727,720 | ---- | C] (Microsoft Corporation)
D3DCompiler_35.dll -> C:\Windows\SysNative\D3DCompiler_35.dll -> [2009.11.14 19:09:24 | 01,985,904 | ---- | C] (Microsoft Corporation)
D3DCompiler_35.dll -> C:\Windows\SysWow64\D3DCompiler_35.dll -> [2009.11.14 19:09:24 | 01,358,192 | ---- | C] (Microsoft Corporation)
d3dx10_35.dll -> C:\Windows\SysNative\d3dx10_35.dll -> [2009.11.14 19:09:24 | 00,508,264 | ---- | C] (Microsoft Corporation)
d3dx10_35.dll -> C:\Windows\SysWow64\d3dx10_35.dll -> [2009.11.14 19:09:24 | 00,444,776 | ---- | C] (Microsoft Corporation)
D3DCompiler_34.dll -> C:\Windows\SysNative\D3DCompiler_34.dll -> [2009.11.14 19:09:23 | 01,401,200 | ---- | C] (Microsoft Corporation)
D3DCompiler_34.dll -> C:\Windows\SysWow64\D3DCompiler_34.dll -> [2009.11.14 19:09:23 | 01,124,720 | ---- | C] (Microsoft Corporation)
d3dx10_34.dll -> C:\Windows\SysNative\d3dx10_34.dll -> [2009.11.14 19:09:23 | 00,506,728 | ---- | C] (Microsoft Corporation)
d3dx10_34.dll -> C:\Windows\SysWow64\d3dx10_34.dll -> [2009.11.14 19:09:23 | 00,443,752 | ---- | C] (Microsoft Corporation)
xactengine2_8.dll -> C:\Windows\SysNative\xactengine2_8.dll -> [2009.11.14 19:09:23 | 00,409,960 | ---- | C] (Microsoft Corporation)
xactengine2_8.dll -> C:\Windows\SysWow64\xactengine2_8.dll -> [2009.11.14 19:09:23 | 00,266,088 | ---- | C] (Microsoft Corporation)
X3DAudio1_2.dll -> C:\Windows\SysNative\X3DAudio1_2.dll -> [2009.11.14 19:09:23 | 00,021,000 | ---- | C] (Microsoft Corporation)
X3DAudio1_2.dll -> C:\Windows\SysWow64\X3DAudio1_2.dll -> [2009.11.14 19:09:23 | 00,017,928 | ---- | C] (Microsoft Corporation)
d3dx9_34.dll -> C:\Windows\SysNative\d3dx9_34.dll -> [2009.11.14 19:09:22 | 04,496,232 | ---- | C] (Microsoft Corporation)
d3dx9_34.dll -> C:\Windows\SysWow64\d3dx9_34.dll -> [2009.11.14 19:09:22 | 03,497,832 | ---- | C] (Microsoft Corporation)
xactengine2_7.dll -> C:\Windows\SysNative\xactengine2_7.dll -> [2009.11.14 19:09:22 | 00,403,304 | ---- | C] (Microsoft Corporation)
xactengine2_7.dll -> C:\Windows\SysWow64\xactengine2_7.dll -> [2009.11.14 19:09:22 | 00,261,480 | ---- | C] (Microsoft Corporation)
xinput1_3.dll -> C:\Windows\SysNative\xinput1_3.dll -> [2009.11.14 19:09:22 | 00,107,368 | ---- | C] (Microsoft Corporation)
xinput1_3.dll -> C:\Windows\SysWow64\xinput1_3.dll -> [2009.11.14 19:09:22 | 00,081,768 | ---- | C] (Microsoft Corporation)
d3dx9_33.dll -> C:\Windows\SysNative\d3dx9_33.dll -> [2009.11.14 19:09:21 | 04,494,184 | ---- | C] (Microsoft Corporation)
d3dx9_33.dll -> C:\Windows\SysWow64\d3dx9_33.dll -> [2009.11.14 19:09:21 | 03,495,784 | ---- | C] (Microsoft Corporation)
D3DCompiler_33.dll -> C:\Windows\SysNative\D3DCompiler_33.dll -> [2009.11.14 19:09:21 | 01,400,176 | ---- | C] (Microsoft Corporation)
D3DCompiler_33.dll -> C:\Windows\SysWow64\D3DCompiler_33.dll -> [2009.11.14 19:09:21 | 01,123,696 | ---- | C] (Microsoft Corporation)
d3dx10_33.dll -> C:\Windows\SysNative\d3dx10_33.dll -> [2009.11.14 19:09:21 | 00,506,728 | ---- | C] (Microsoft Corporation)
d3dx10_33.dll -> C:\Windows\SysWow64\d3dx10_33.dll -> [2009.11.14 19:09:21 | 00,443,752 | ---- | C] (Microsoft Corporation)
d3dx9_32.dll -> C:\Windows\SysNative\d3dx9_32.dll -> [2009.11.14 19:09:20 | 04,398,360 | ---- | C] (Microsoft Corporation)
d3dx9_32.dll -> C:\Windows\SysWow64\d3dx9_32.dll -> [2009.11.14 19:09:20 | 03,426,072 | ---- | C] (Microsoft Corporation)
d3dx10.dll -> C:\Windows\SysNative\d3dx10.dll -> [2009.11.14 19:09:20 | 00,469,264 | ---- | C] (Microsoft Corporation)
d3dx10.dll -> C:\Windows\SysWow64\d3dx10.dll -> [2009.11.14 19:09:20 | 00,440,080 | ---- | C] (Microsoft Corporation)
xactengine2_6.dll -> C:\Windows\SysNative\xactengine2_6.dll -> [2009.11.14 19:09:20 | 00,393,576 | ---- | C] (Microsoft Corporation)
xactengine2_5.dll -> C:\Windows\SysNative\xactengine2_5.dll -> [2009.11.14 19:09:20 | 00,390,424 | ---- | C] (Microsoft Corporation)
xactengine2_6.dll -> C:\Windows\SysWow64\xactengine2_6.dll -> [2009.11.14 19:09:20 | 00,255,848 | ---- | C] (Microsoft Corporation)
xactengine2_5.dll -> C:\Windows\SysWow64\xactengine2_5.dll -> [2009.11.14 19:09:20 | 00,251,672 | ---- | C] (Microsoft Corporation)
d3dx9_31.dll -> C:\Windows\SysNative\d3dx9_31.dll -> [2009.11.14 19:09:19 | 03,977,496 | ---- | C] (Microsoft Corporation)
d3dx9_31.dll -> C:\Windows\SysWow64\d3dx9_31.dll -> [2009.11.14 19:09:19 | 02,414,360 | ---- | C] (Microsoft Corporation)
xactengine2_4.dll -> C:\Windows\SysNative\xactengine2_4.dll -> [2009.11.14 19:09:19 | 00,364,824 | ---- | C] (Microsoft Corporation)
xactengine2_4.dll -> C:\Windows\SysWow64\xactengine2_4.dll -> [2009.11.14 19:09:19 | 00,237,848 | ---- | C] (Microsoft Corporation)
x3daudio1_1.dll -> C:\Windows\SysNative\x3daudio1_1.dll -> [2009.11.14 19:09:19 | 00,017,688 | ---- | C] (Microsoft Corporation)
x3daudio1_1.dll -> C:\Windows\SysWow64\x3daudio1_1.dll -> [2009.11.14 19:09:19 | 00,015,128 | ---- | C] (Microsoft Corporation)
xactengine2_3.dll -> C:\Windows\SysNative\xactengine2_3.dll -> [2009.11.14 19:09:18 | 00,363,288 | ---- | C] (Microsoft Corporation)
xactengine2_2.dll -> C:\Windows\SysNative\xactengine2_2.dll -> [2009.11.14 19:09:18 | 00,354,072 | ---- | C] (Microsoft Corporation)
xactengine2_3.dll -> C:\Windows\SysWow64\xactengine2_3.dll -> [2009.11.14 19:09:18 | 00,236,824 | ---- | C] (Microsoft Corporation)
xactengine2_2.dll -> C:\Windows\SysWow64\xactengine2_2.dll -> [2009.11.14 19:09:18 | 00,230,168 | ---- | C] (Microsoft Corporation)
xinput1_2.dll -> C:\Windows\SysNative\xinput1_2.dll -> [2009.11.14 19:09:18 | 00,083,736 | ---- | C] (Microsoft Corporation)
xinput1_1.dll -> C:\Windows\SysNative\xinput1_1.dll -> [2009.11.14 19:09:18 | 00,083,664 | ---- | C] (Microsoft Corporation)
xinput1_2.dll -> C:\Windows\SysWow64\xinput1_2.dll -> [2009.11.14 19:09:18 | 00,062,744 | ---- | C] (Microsoft Corporation)
xinput1_1.dll -> C:\Windows\SysWow64\xinput1_1.dll -> [2009.11.14 19:09:18 | 00,062,672 | ---- | C] (Microsoft Corporation)
xactengine2_1.dll -> C:\Windows\SysNative\xactengine2_1.dll -> [2009.11.14 19:09:17 | 00,352,464 | ---- | C] (Microsoft Corporation)
xactengine2_1.dll -> C:\Windows\SysWow64\xactengine2_1.dll -> [2009.11.14 19:09:17 | 00,229,584 | ---- | C] (Microsoft Corporation)
d3dx9_30.dll -> C:\Windows\SysNative\d3dx9_30.dll -> [2009.11.14 19:09:14 | 03,927,248 | ---- | C] (Microsoft Corporation)
d3dx9_30.dll -> C:\Windows\SysWow64\d3dx9_30.dll -> [2009.11.14 19:09:14 | 02,388,176 | ---- | C] (Microsoft Corporation)
d3dx9_29.dll -> C:\Windows\SysNative\d3dx9_29.dll -> [2009.11.14 19:09:12 | 03,830,992 | ---- | C] (Microsoft Corporation)
d3dx9_29.dll -> C:\Windows\SysWow64\d3dx9_29.dll -> [2009.11.14 19:09:12 | 02,332,368 | ---- | C] (Microsoft Corporation)
xactengine2_0.dll -> C:\Windows\SysNative\xactengine2_0.dll -> [2009.11.14 19:09:12 | 00,355,536 | ---- | C] (Microsoft Corporation)
xactengine2_0.dll -> C:\Windows\SysWow64\xactengine2_0.dll -> [2009.11.14 19:09:12 | 00,230,096 | ---- | C] (Microsoft Corporation)
x3daudio1_0.dll -> C:\Windows\SysNative\x3daudio1_0.dll -> [2009.11.14 19:09:12 | 00,016,592 | ---- | C] (Microsoft Corporation)
x3daudio1_0.dll -> C:\Windows\SysWow64\x3daudio1_0.dll -> [2009.11.14 19:09:12 | 00,014,032 | ---- | C] (Microsoft Corporation)
d3dx9_28.dll -> C:\Windows\SysNative\d3dx9_28.dll -> [2009.11.14 19:09:11 | 03,815,120 | ---- | C] (Microsoft Corporation)
d3dx9_27.dll -> C:\Windows\SysNative\d3dx9_27.dll -> [2009.11.14 19:09:11 | 03,807,440 | ---- | C] (Microsoft Corporation)
d3dx9_28.dll -> C:\Windows\SysWow64\d3dx9_28.dll -> [2009.11.14 19:09:11 | 02,323,664 | ---- | C] (Microsoft Corporation)
d3dx9_27.dll -> C:\Windows\SysWow64\d3dx9_27.dll -> [2009.11.14 19:09:11 | 02,319,568 | ---- | C] (Microsoft Corporation)
d3dx9_26.dll -> C:\Windows\SysNative\d3dx9_26.dll -> [2009.11.14 19:09:10 | 03,767,504 | ---- | C] (Microsoft Corporation)
d3dx9_26.dll -> C:\Windows\SysWow64\d3dx9_26.dll -> [2009.11.14 19:09:10 | 02,297,552 | ---- | C] (Microsoft Corporation)
d3dx9_25.dll -> C:\Windows\SysNative\d3dx9_25.dll -> [2009.11.14 19:09:09 | 03,823,312 | ---- | C] (Microsoft Corporation)
d3dx9_24.dll -> C:\Windows\SysNative\d3dx9_24.dll -> [2009.11.14 19:09:09 | 03,544,272 | ---- | C] (Microsoft Corporation)
d3dx9_25.dll -> C:\Windows\SysWow64\d3dx9_25.dll -> [2009.11.14 19:09:09 | 02,337,488 | ---- | C] (Microsoft Corporation)
d3dx9_24.dll -> C:\Windows\SysWow64\d3dx9_24.dll -> [2009.11.14 19:09:09 | 02,222,800 | ---- | C] (Microsoft Corporation)
InstallShield Installation Information -> C:\Program Files (x86)\InstallShield Installation Information -> [2009.11.14 19:06:35 | 00,000,000 | -H-D | C]
DAEMON Tools Lite -> C:\Users\Robsen\AppData\Roaming\DAEMON Tools Lite -> [2009.11.14 19:00:03 | 00,000,000 | ---D | C]
DAEMON Tools Lite -> C:\ProgramData\DAEMON Tools Lite -> [2009.11.14 19:00:01 | 00,000,000 | ---D | C]
WinRAR -> C:\Programme\WinRAR -> [2009.11.14 18:58:08 | 00,000,000 | ---D | C]
aswRdr.sys -> C:\Windows\SysNative\drivers\aswRdr.sys -> [2009.11.14 18:43:07 | 00,027,216 | ---- | C] (ALWIL Software)
aswTdi.sys -> C:\Windows\SysNative\drivers\aswTdi.sys -> [2009.11.14 18:43:06 | 00,059,472 | ---- | C] (ALWIL Software)
AvastSS.scr -> C:\Windows\SysNative\AvastSS.scr -> [2009.11.14 18:43:05 | 00,097,480 | ---- | C] (ALWIL Software)
aswSP.sys -> C:\Windows\SysNative\drivers\aswSP.sys -> [2009.11.14 18:43:05 | 00,089,680 | ---- | C] (ALWIL Software)
aswFsBlk.sys -> C:\Windows\SysNative\drivers\aswFsBlk.sys -> [2009.11.14 18:43:05 | 00,022,096 | ---- | C] (ALWIL Software)
aswMonFlt.sys -> C:\Windows\SysNative\drivers\aswMonFlt.sys -> [2009.11.14 18:43:04 | 00,065,616 | ---- | C] (ALWIL Software)
aswBoot.exe -> C:\Windows\SysWow64\aswBoot.exe -> [2009.11.14 18:42:51 | 01,279,968 | ---- | C] (ALWIL Software)
MFC71.dll -> C:\Windows\SysWow64\MFC71.dll -> [2009.11.14 18:42:51 | 01,060,864 | ---- | C] (Microsoft Corporation)
MSVCP71.dll -> C:\Windows\SysWow64\MSVCP71.dll -> [2009.11.14 18:42:51 | 00,499,712 | ---- | C] (Microsoft Corporation)
MSVCR71.dll -> C:\Windows\SysWow64\MSVCR71.dll -> [2009.11.14 18:42:51 | 00,348,160 | ---- | C] (Microsoft Corporation)
Alwil Software -> C:\Programme\Alwil Software -> [2009.11.14 18:42:50 | 00,000,000 | ---D | C]
Macromedia -> C:\Users\Robsen\AppData\Roaming\Macromedia -> [2009.11.14 18:25:12 | 00,000,000 | ---D | C]
Adobe -> C:\Users\Robsen\AppData\Roaming\Adobe -> [2009.11.14 18:25:12 | 00,000,000 | ---D | C]
Macromed -> C:\Windows\SysWow64\Macromed -> [2009.11.14 18:25:09 | 00,000,000 | ---D | C]
Mozilla -> C:\Users\Robsen\AppData\Roaming\Mozilla -> [2009.11.14 18:24:04 | 00,000,000 | ---D | C]
Mozilla -> C:\Users\Robsen\AppData\Local\Mozilla -> [2009.11.14 18:24:04 | 00,000,000 | ---D | C]
Mozilla Firefox -> C:\Program Files (x86)\Mozilla Firefox -> [2009.11.14 18:24:01 | 00,000,000 | ---D | C]
GDIPFONTCACHEV1.DAT -> C:\Users\Robsen\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009.11.14 18:16:19 | 00,113,016 | ---- | C] ()
NVIDIA Corporation -> C:\Program Files (x86)\NVIDIA Corporation -> [2009.11.14 18:13:53 | 00,000,000 | ---D | C]
NVIDIA -> C:\ProgramData\NVIDIA -> [2009.11.14 18:13:45 | 00,000,000 | ---D | C]
AGEIA Technologies -> C:\Program Files (x86)\AGEIA Technologies -> [2009.11.14 18:13:19 | 00,000,000 | ---D | C]
AGEIA -> C:\Windows\SysWow64\AGEIA -> [2009.11.14 18:13:19 | 00,000,000 | ---D | C]
Installer -> C:\Windows\Installer -> [2009.11.14 18:13:17 | 00,000,000 | -HSD | C]
Wise Installation Wizard -> C:\Program Files (x86)\Common Files\Wise Installation Wizard -> [2009.11.14 18:13:15 | 00,000,000 | ---D | C]
nvuninst.exe -> C:\Windows\SysNative\nvuninst.exe -> [2009.11.14 18:13:12 | 00,541,800 | ---- | C] (NVIDIA Corporation)
NVIDIA -> C:\NVIDIA -> [2009.11.14 18:12:44 | 00,000,000 | ---D | C]
msv1_0.dll -> C:\Windows\SysNative\msv1_0.dll -> [2009.11.14 18:06:34 | 00,311,808 | ---- | C] (Microsoft Corporation)
msv1_0.dll -> C:\Windows\SysWow64\msv1_0.dll -> [2009.11.14 18:06:34 | 00,257,024 | ---- | C] (Microsoft Corporation)
MRT.exe -> C:\Windows\SysNative\MRT.exe -> [2009.11.14 18:05:49 | 28,155,840 | ---- | C] (Microsoft Corporation)
MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009.11.14 18:05:45 | 00,226,688 | ---- | C] (Microsoft Corporation)
wmp.dll -> C:\Windows\SysNative\wmp.dll -> [2009.11.14 18:05:09 | 14,629,376 | ---- | C] (Microsoft Corporation)
wmp.dll -> C:\Windows\SysWow64\wmp.dll -> [2009.11.14 18:05:08 | 11,406,336 | ---- | C] (Microsoft Corporation)
wmploc.DLL -> C:\Windows\SysWow64\wmploc.DLL -> [2009.11.14 18:05:07 | 12,625,408 | ---- | C] (Microsoft Corporation)
explorer.exe -> C:\Windows\explorer.exe -> [2009.11.14 18:05:07 | 02,868,224 | ---- | C] (Microsoft Corporation)
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009.11.14 18:05:07 | 02,613,248 | ---- | C] (Microsoft Corporation)
CertEnroll.dll -> C:\Windows\SysNative\CertEnroll.dll -> [2009.11.14 18:05:07 | 01,975,296 | ---- | C] (Microsoft Corporation)
CertEnroll.dll -> C:\Windows\SysWow64\CertEnroll.dll -> [2009.11.14 18:05:07 | 01,320,960 | ---- | C] (Microsoft Corporation)
dxgkrnl.sys -> C:\Windows\SysNative\drivers\dxgkrnl.sys -> [2009.11.14 18:05:07 | 00,982,600 | ---- | C] (Microsoft Corporation)
atmfd.dll -> C:\Windows\SysNative\atmfd.dll -> [2009.11.14 18:05:07 | 00,366,080 | ---- | C] (Adobe Systems Incorporated)
atmfd.dll -> C:\Windows\SysWow64\atmfd.dll -> [2009.11.14 18:05:07 | 00,293,888 | ---- | C] (Adobe Systems Incorporated)
t2embed.dll -> C:\Windows\SysNative\t2embed.dll -> [2009.11.14 18:05:07 | 00,148,480 | ---- | C] (Microsoft Corporation)
t2embed.dll -> C:\Windows\SysWow64\t2embed.dll -> [2009.11.14 18:05:07 | 00,108,544 | ---- | C] (Microsoft Corporation)
fontsub.dll -> C:\Windows\SysNative\fontsub.dll -> [2009.11.14 18:05:07 | 00,100,864 | ---- | C] (Microsoft Corporation)
fontsub.dll -> C:\Windows\SysWow64\fontsub.dll -> [2009.11.14 18:05:07 | 00,071,168 | ---- | C] (Microsoft Corporation)
wmploc.DLL -> C:\Windows\SysNative\wmploc.DLL -> [2009.11.14 18:05:06 | 12,625,920 | ---- | C] (Microsoft Corporation)
SystemRequirementsLab -> C:\Program Files (x86)\SystemRequirementsLab -> [2009.11.14 18:04:50 | 00,000,000 | ---D | C]
mshtml.dll -> C:\Windows\SysNative\mshtml.dll -> [2009.11.14 18:04:33 | 09,272,320 | ---- | C] (Microsoft Corporation)
mshtml.dll -> C:\Windows\SysWow64\mshtml.dll -> [2009.11.14 18:04:33 | 05,958,656 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\SysNative\msfeedsbs.dll -> [2009.11.14 18:04:31 | 00,082,944 | ---- | C] (Microsoft Corporation)
msfeedsbs.dll -> C:\Windows\SysWow64\msfeedsbs.dll -> [2009.11.14 18:04:31 | 00,064,512 | ---- | C] (Microsoft Corporation)
msasn1.dll -> C:\Windows\SysNative\msasn1.dll -> [2009.11.14 18:04:31 | 00,046,592 | ---- | C] (Microsoft Corporation)
msasn1.dll -> C:\Windows\SysWow64\msasn1.dll -> [2009.11.14 18:04:31 | 00,034,816 | ---- | C] (Microsoft Corporation)

[Files/Folders - Modified Within 30 Days]
NTUSER.DAT -> C:\Users\Robsen\NTUSER.DAT -> [2009.11.23 12:26:28 | 01,048,576 | -HS- | M] ()
OTS.exe -> C:\Users\Robsen\Desktop\OTS.exe -> [2009.11.23 12:25:27 | 00,525,824 | ---- | M] (OldTimer Tools)
bootstat.dat -> C:\Windows\bootstat.dat -> [2009.11.23 12:19:11 | 00,067,584 | --S- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2009.11.23 08:45:51 | 00,000,898 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009.11.23 08:30:12 | 00,014,816 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009.11.23 08:30:12 | 00,014,816 | -H-- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2009.11.23 08:27:21 | 01,480,602 | ---- | M] ()
perfh007.dat -> C:\Windows\SysNative\perfh007.dat -> [2009.11.23 08:27:21 | 00,647,138 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2009.11.23 08:27:21 | 00,609,896 | ---- | M] ()
perfc007.dat -> C:\Windows\SysNative\perfc007.dat -> [2009.11.23 08:27:21 | 00,127,198 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2009.11.23 08:27:21 | 00,104,214 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2009.11.23 08:23:07 | 00,000,894 | ---- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009.11.23 08:23:05 | 00,000,006 | -H-- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2009.11.23 08:22:53 | 32,200,37632 | -HS- | M] ()
IconCache.db -> C:\Users\Robsen\AppData\Local\IconCache.db -> [2009.11.23 02:38:15 | 01,485,612 | -H-- | M] ()
RSIT.exe -> C:\Users\Robsen\Desktop\RSIT.exe -> [2009.11.23 00:34:09 | 00,781,909 | ---- | M] ()
cc_20091122_235015.reg -> C:\Users\Robsen\Documents\cc_20091122_235015.reg -> [2009.11.22 23:50:19 | 00,000,604 | ---- | M] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009.11.22 18:24:18 | 33,961,0953 | ---- | M] ()
cc_20091122_181042.reg -> C:\Users\Robsen\Documents\cc_20091122_181042.reg -> [2009.11.22 18:10:46 | 00,005,420 | ---- | M] ()
cc_20091122_180318.reg -> C:\Users\Robsen\Documents\cc_20091122_180318.reg -> [2009.11.22 18:03:24 | 00,026,516 | ---- | M] ()
CCleaner.lnk -> C:\Users\Robsen\Desktop\CCleaner.lnk -> [2009.11.22 18:02:52 | 00,001,889 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009.11.22 17:37:58 | 00,001,013 | ---- | M] ()
HijackThis.lnk -> C:\Users\Robsen\Desktop\HijackThis.lnk -> [2009.11.22 16:52:52 | 00,002,097 | ---- | M] ()
avast! Antivirus.lnk -> C:\Users\Public\Desktop\avast! Antivirus.lnk -> [2009.11.22 14:01:22 | 00,001,905 | ---- | M] ()
SmarThruOptions.xml -> C:\Users\Robsen\AppData\Roaming\SmarThruOptions.xml -> [2009.11.22 12:41:07 | 00,011,366 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2009.11.19 18:20:38 | 01,499,556 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Robsen\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009.11.19 14:37:01 | 00,113,016 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2009.11.19 12:40:09 | 00,432,104 | ---- | M] ()
Outlook.lnk -> C:\Users\Robsen\Desktop\Outlook.lnk -> [2009.11.18 13:14:45 | 00,002,795 | ---- | M] ()
win.ini -> C:\Windows\win.ini -> [2009.11.18 13:11:30 | 00,000,478 | ---- | M] ()
Winamp.lnk -> C:\Users\Public\Desktop\Winamp.lnk -> [2009.11.17 16:17:50 | 00,000,993 | ---- | M] ()
SAMSUNG Dr.Printer.url -> C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url -> [2009.11.17 15:12:45 | 00,000,138 | ---- | M] ()
Readiris.ini -> C:\Windows\Readiris.ini -> [2009.11.17 15:12:29 | 00,000,136 | ---- | M] ()
SmarThru 4.lnk -> C:\Users\Public\Desktop\SmarThru 4.lnk -> [2009.11.17 15:12:07 | 00,000,828 | ---- | M] ()
deploytk.dll -> C:\Windows\SysWow64\deploytk.dll -> [2009.11.17 14:54:13 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
javaws.exe -> C:\Windows\SysWow64\javaws.exe -> [2009.11.17 14:54:13 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
javaw.exe -> C:\Windows\SysWow64\javaw.exe -> [2009.11.17 14:54:13 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
java.exe -> C:\Windows\SysWow64\java.exe -> [2009.11.17 14:54:13 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
hamachi.sys -> C:\Windows\SysNative\drivers\hamachi.sys -> [2009.11.15 00:00:44 | 00,033,344 | ---- | M] (LogMeIn, Inc.)
lhacm.acm -> C:\Windows\SysWow64\lhacm.acm -> [2009.11.14 23:29:53 | 00,034,064 | ---- | M] (Microsoft Corporation)
Teamspeak 2 RC2.lnk -> C:\Users\Robsen\Desktop\Teamspeak 2 RC2.lnk -> [2009.11.14 23:29:48 | 00,000,643 | ---- | M] ()
resmon.resmoncfg -> C:\Users\Robsen\AppData\Local\resmon.resmoncfg -> [2009.11.14 20:21:15 | 00,000,017 | ---- | M] ()
atksgt.sys -> C:\Windows\SysNative\drivers\atksgt.sys -> [2009.11.14 19:09:37 | 00,314,016 | ---- | M] ()
lirsgt.sys -> C:\Windows\SysNative\drivers\lirsgt.sys -> [2009.11.14 19:09:36 | 00,043,680 | ---- | M] ()
sptd.sys -> C:\Windows\SysNative\drivers\sptd.sys -> [2009.11.14 19:00:57 | 00,834,544 | ---- | M] ()
config.nt -> C:\Windows\SysWow64\config.nt -> [2009.11.14 18:43:04 | 00,000,000 | ---- | M] ()
nsreg.dat -> C:\Windows\nsreg.dat -> [2009.11.14 18:24:05 | 00,000,000 | ---- | M] ()
Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2009.11.14 18:24:02 | 00,001,943 | ---- | M] ()
MRT.exe -> C:\Windows\SysNative\MRT.exe -> [2009.11.05 10:06:00 | 28,155,840 | ---- | M] (Microsoft Corporation)
MpSigStub.exe -> C:\Windows\SysNative\MpSigStub.exe -> [2009.11.02 20:42:06 | 00,226,688 | ---- | M] (Microsoft Corporation)

[Files - No Company Name]
RSIT.exe -> C:\Users\Robsen\Desktop\RSIT.exe -> [2009.11.23 00:34:08 | 00,781,909 | ---- | C] ()
cc_20091122_235015.reg -> C:\Users\Robsen\Documents\cc_20091122_235015.reg -> [2009.11.22 23:50:17 | 00,000,604 | ---- | C] ()
MEMORY.DMP -> C:\Windows\MEMORY.DMP -> [2009.11.22 18:24:18 | 33,961,0953 | ---- | C] ()
cc_20091122_181042.reg -> C:\Users\Robsen\Documents\cc_20091122_181042.reg -> [2009.11.22 18:10:44 | 00,005,420 | ---- | C] ()
cc_20091122_180318.reg -> C:\Users\Robsen\Documents\cc_20091122_180318.reg -> [2009.11.22 18:03:20 | 00,026,516 | ---- | C] ()
CCleaner.lnk -> C:\Users\Robsen\Desktop\CCleaner.lnk -> [2009.11.22 18:02:52 | 00,001,889 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009.11.22 17:37:58 | 00,001,013 | ---- | C] ()
HijackThis.lnk -> C:\Users\Robsen\Desktop\HijackThis.lnk -> [2009.11.22 16:52:52 | 00,002,097 | ---- | C] ()
PerfStringBackup.INI -> C:\Windows\SysWow64\PerfStringBackup.INI -> [2009.11.19 18:20:38 | 01,499,556 | ---- | C] ()
GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2009.11.19 15:39:11 | 00,000,898 | ---- | C] ()
GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2009.11.19 15:39:10 | 00,000,894 | ---- | C] ()
Outlook.lnk -> C:\Users\Robsen\Desktop\Outlook.lnk -> [2009.11.18 13:14:45 | 00,002,795 | ---- | C] ()
Winamp.lnk -> C:\Users\Public\Desktop\Winamp.lnk -> [2009.11.17 16:17:50 | 00,000,993 | ---- | C] ()
SAMSUNG Dr.Printer.url -> C:\Users\Public\Desktop\SAMSUNG Dr.Printer.url -> [2009.11.17 15:12:45 | 00,000,138 | ---- | C] ()
SmarThruOptions.xml -> C:\Users\Robsen\AppData\Roaming\SmarThruOptions.xml -> [2009.11.17 15:12:39 | 00,011,366 | ---- | C] ()
SvcMan.exe -> C:\Windows\SysWow64\SvcMan.exe -> [2009.11.17 15:12:37 | 00,036,864 | ---- | C] ()
SSPORT.CAT -> C:\Windows\SysWow64\SSPORT.CAT -> [2009.11.17 15:12:37 | 00,007,297 | ---- | C] ()
DgivEcp.cat -> C:\Windows\SysWow64\DgivEcp.cat -> [2009.11.17 15:12:37 | 00,007,036 | ---- | C] ()
SecSNMP.dll -> C:\Windows\SysWow64\SecSNMP.dll -> [2009.11.17 15:12:34 | 00,172,032 | ---- | C] ()
ltocx13.lic -> C:\Windows\SysWow64\ltocx13.lic -> [2009.11.17 15:12:33 | 00,000,422 | ---- | C] ()
Readiris.ini -> C:\Windows\Readiris.ini -> [2009.11.17 15:12:29 | 00,000,136 | ---- | C] ()
irisco32.dll -> C:\Windows\SysWow64\irisco32.dll -> [2009.11.17 15:12:28 | 00,023,040 | ---- | C] ()
SmarThru 4.lnk -> C:\Users\Public\Desktop\SmarThru 4.lnk -> [2009.11.17 15:12:07 | 00,000,828 | ---- | C] ()
Dr. Printer Icon.ico -> C:\Windows\Dr. Printer Icon.ico -> [2009.11.17 15:11:56 | 00,011,502 | ---- | C] ()
Teamspeak 2 RC2.lnk -> C:\Users\Robsen\Desktop\Teamspeak 2 RC2.lnk -> [2009.11.14 23:29:48 | 00,000,643 | ---- | C] ()
resmon.resmoncfg -> C:\Users\Robsen\AppData\Local\resmon.resmoncfg -> [2009.11.14 20:21:15 | 00,000,017 | ---- | C] ()
atksgt.sys -> C:\Windows\SysNative\drivers\atksgt.sys -> [2009.11.14 19:09:37 | 00,314,016 | ---- | C] ()
lirsgt.sys -> C:\Windows\SysNative\drivers\lirsgt.sys -> [2009.11.14 19:09:36 | 00,043,680 | ---- | C] ()
sptd.sys -> C:\Windows\SysNative\drivers\sptd.sys -> [2009.11.14 19:00:57 | 00,834,544 | ---- | C] ()
avast! Antivirus.lnk -> C:\Users\Public\Desktop\avast! Antivirus.lnk -> [2009.11.14 18:43:07 | 00,001,905 | ---- | C] ()
config.nt -> C:\Windows\SysWow64\config.nt -> [2009.11.14 18:43:04 | 00,000,000 | ---- | C] ()
actskin4.ocx -> C:\Windows\SysWow64\actskin4.ocx -> [2009.11.14 18:42:51 | 00,380,928 | ---- | C] ()
nsreg.dat -> C:\Windows\nsreg.dat -> [2009.11.14 18:24:05 | 00,000,000 | ---- | C] ()
Mozilla Firefox.lnk -> C:\Users\Public\Desktop\Mozilla Firefox.lnk -> [2009.11.14 18:24:02 | 00,001,943 | ---- | C] ()
GDIPFONTCACHEV1.DAT -> C:\Users\Robsen\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009.11.14 18:16:19 | 00,113,016 | ---- | C] ()
physxcudart_20.dll -> C:\Windows\SysWow64\physxcudart_20.dll -> [2009.08.03 00:21:54 | 00,197,912 | ---- | C] ()
AgCPanelTraditionalChinese.dll -> C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll -> [2009.08.03 00:21:54 | 00,058,648 | ---- | C] ()
AgCPanelSwedish.dll -> C:\Windows\SysWow64\AgCPanelSwedish.dll -> [2009.08.03 00:21:54 | 00,058,648 | ---- | C] ()
AgCPanelSpanish.dll -> C:\Windows\SysWow64\AgCPanelSpanish.dll -> [2009.08.03 00:21:54 | 00,058,648 | ---- | C] ()
AgCPanelSimplifiedChinese.dll -> C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll -> [2009.08.03 00:21:54 | 00,058,648 | ---- | C] ()
AgCPanelPortugese.dll -> C:\Windows\SysWow64\AgCPanelPortugese.dll -> [2009.08.03 00:21:54 | 00,058,648 | ---- | C] ()
AgCPanelKorean.dll -> C:\Windows\SysWow64\AgCPanelKorean.dll -> [2009.08.03 00:21:54 | 00,058,648 | ---- | C] ()
AgCPanelJapanese.dll -> C:\Windows\SysWow64\AgCPanelJapanese.dll -> [2009.08.03 00:21:54 | 00,058,648 | ---- | C] ()
AgCPanelGerman.dll -> C:\Windows\SysWow64\AgCPanelGerman.dll -> [2009.08.03 00:21:52 | 00,058,648 | ---- | C] ()
AgCPanelFrench.dll -> C:\Windows\SysWow64\AgCPanelFrench.dll -> [2009.08.03 00:21:52 | 00,058,648 | ---- | C] ()
msdfmap.ini -> C:\Windows\msdfmap.ini -> [2009.07.14 03:35:42 | 00,001,405 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2009.07.14 03:34:57 | 00,000,478 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2009.07.14 03:34:57 | 00,000,219 | ---- | C] ()
BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009.07.14 00:42:10 | 00,064,000 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009.07.13 22:03:59 | 00,364,544 | ---- | C] ()
< End of report >
[/code] well then, I'm curious what Mr. swisstreasure will filter out of that for me ;)
23.11.2009, 14:25
Moderator

Posts: 5694
#12 I don't see anything malicious.

>>
Disable System Restore (XP):
My Computer --> right-click, then Properties --> System Restore tab --> tick "Turn off System Restore on all drives".
Then remove the tick again (i.e. re-enable it).


>>

Update Java


Your Java version is not up to date. Since some malware (e.g. Vundo) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Add or Remove Programs => uninstall. Restart the computer.

Now download the offline version of Java (Java SE Runtime Environment (JRE) 6 Update 16) from SUN. Once you have clicked Download, a page appears where you have to select the operating system (i.e. Windows) and tick "I agree". Then click the "Continue" button. There, download jre-6u16-windows-i586.exe and then install it; do not install any toolbars that may be offered.

>>
Update programs

Some of the software you use is outdated and creates security holes on your system through which malware can get in. All software on your computer must be updated regularly, even if you don't use it. The Secunia Inspector offers an easy way to keep track of these software updates.

>>
Tool cleanup with OTM

We will now use OTM's CleanUp! function to delete most of the programs we installed for the cleanup from your system again.
• Please download OTM by OldTimer (if you don't have it yet).
Save it to your desktop.
• Double-click OTM.exe to run the program.
Vista users please start it via right-click and "Run as administrator".
• Click the "CleanUp!" button.
• OTM may ask for a restart.
If it does, please allow it.
Note: After the restart, OTM and the other helper programs you downloaded during the cleanup will no longer be present. They have been removed. It is therefore OK if these programs are gone. If any are left over, delete them manually.
24.11.2009, 02:01
Member

Thread starter

Posts: 20
#13 "IT" is back!
I somehow figured I couldn't trust the calm. Scanned at least 10 times yesterday, nothing left. Just now another lag, ran Malwarebytes again and lo and behold:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 3213
Windows 6.1.7600

24.11.2009 01:59:37
mbam-log-2009-11-24 (01-59-37).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 12538
Laufzeit: 17 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ey0kat7-134k-ic08-40l8-6o0127s53167} (Generic.Bot.H) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\System32\sndvol32.exe (Generic.Bot.H) -> Quarantined and deleted successfully.

Why did the thing reload itself, where does it come from, and how can I get rid of it for good? Any idea? Which of your threads should I start working through now, or is it best to reinstall from scratch?
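
The registry key Malwarebytes removed in the log above sits under Active Setup\Installed Components and is shaped like a GUID, but its name contains letters that are not hexadecimal digits. As an added example (not part of the original post or of any tool named in this thread), the following Python check picks such look-alike names out of `reg query` output; the function names are hypothetical and the sample lines are constructed, apart from the key name quoted from the log.

```python
import re

# Subkeys of this key are normally named with brace-wrapped GUIDs.
BASE = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components"

# 8-4-4-4-12 layout in braces; any alphanumerics are accepted so that
# look-alikes still match the shape. Assumption: a leading '<' or '>' is
# tolerated, because some Windows component entries carry one.
GUID_SHAPE = re.compile(
    r"^[<>]?\{([0-9A-Za-z]{8})-([0-9A-Za-z]{4})-([0-9A-Za-z]{4})"
    r"-([0-9A-Za-z]{4})-([0-9A-Za-z]{12})\}$"
)
HEX_DIGITS = set("0123456789abcdef")

# Constructed sample in the line format that `reg query "<BASE>"` prints.
# Only the Generic.Bot.H key name is taken from the Malwarebytes log;
# the other entries are made up for this example.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{11111111-2222-3333-4444-555555555555}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{AAAAAAAA-bbbb-CCCC-dddd-EEEEEEEEEEEE}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{4ey0kat7-134k-ic08-40l8-6o0127s53167}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\ExampleComponent
"""


def subkey_names(reg_output):
    """Yield the direct subkey names of BASE found in `reg query` output."""
    prefix = BASE.lower() + "\\"
    for line in reg_output.splitlines():
        line = line.strip()
        if line.lower().startswith(prefix):
            name = line[len(prefix):]
            # Skip the base key itself and anything nested deeper.
            if name and "\\" not in name:
                yield name


def classify(name):
    """Return (verdict, non_hex_chars) for one subkey name."""
    match = GUID_SHAPE.match(name)
    if match is None:
        return ("not-guid-shaped", "")
    chars = "".join(match.groups()).lower()
    bad = "".join(sorted(set(chars) - HEX_DIGITS))
    return ("fake-guid", bad) if bad else ("valid-guid", "")


def audit(reg_output):
    """Return (name, verdict, non_hex_chars) for every subkey that is not a valid GUID."""
    findings = []
    for name in subkey_names(reg_output):
        verdict, bad = classify(name)
        if verdict != "valid-guid":
            findings.append((name, verdict, bad))
    return findings


if __name__ == "__main__":
    for name, verdict, bad in audit(SAMPLE_REG_OUTPUT):
        print(f"{verdict:16} {name}  non-hex: {bad or '-'}")
```

A flagged name is a lead for review, not a verdict: the next step is to check what the entry's StubPath value launches.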
24.11.2009, 12:27
Moderator

Posts: 5694
#14 Go into the Task Manager and check whether there is a process named:
sndvol32.exe

If so, end it.

>>
Avenger
http://virus-protect.org/artikel/tools/avenger.html
copy into the white box:

Quote

Files to delete:
C:\Windows\System32\sndvol32.exe
- close all open programs (because after Avenger has been applied the computer will restart)

- Click: Execute

- confirm that the computer will be restarted - click "yes"
- after the restart a log from Avenger appears automatically - (C:\avenger.txt), copy it - with right mouse click - copy - paste

>>
delete the Avenger backup at C:\Avenger\backup.zip + empty the Recycle Bin

>>
Run Combofix and post the log:
http://www.virus-protect.org/artikel/tools/combofix.html

Regards, Swiss
24.11.2009, 14:41
Member

Thread starter

Posts: 20
#15 hey swisstreasure,

sooo: I didn't have any sndvol32.exe running (maybe because Malwarebytes has fixed the problem once again, at least for a while). At the moment it isn't finding anything anymore, but that was already the case the day before yesterday...

In any case, I ran Avenger.
But then the next problem: I have no backup file from Avenger and no c:\avenger path either - nowhere on the disk! I can't find a log file anywhere either.

And another problem: Combofix doesn't run because I have Win7 on here. Not in any of the compatibility modes I tried, either.

Man, this is annoying. New Windoze, malware on it, and the important programs don't run....
What next?

PS. The fact is that something strange is still going on - after 30 min my machine gets so slow that nothing works anymore. When I restart, I have peace again for half an hour. But at the moment I can't find any process that looks suspicious to me offhand (well, I don't know anything about this either); in any case firefox.exe hasn't shown up again, sndvol32.exe isn't there either, and yet there's something somewhere....
This post was edited by Robsen_Ponte on 24.11.2009 at 16:12.