
Topic: XP x64 keeps restarting

  1. #1
    Beginner
    Registered since
    06.09.2008
    Posts
    8

    XP x64 keeps restarting

    Hi! I'm facing the following problem:
    I have Windows XP x64 with SP 2, and after about an hour a dialog window appears announcing that the system will restart in 60 seconds. It can be stopped with shutdown -a, but afterwards only programs that are already running still work. As soon as anything else is started, that's it for the system...
    The reasons given there vary: sometimes lsass.exe terminated unexpectedly, sometimes services.exe, and just now the RPC service: "Windows must now restart because the Remote Procedure Call (RPC) service terminated unexpectedly"

    Because of that I had formatted the disk and reinstalled Windows and the most essential programs, but the problems still occur.
    My virus scanner finds absolutely nothing, and SUPERAntiSpyware finds nothing either.

    Here is the HijackThis log (after the RPC blah message):

    Code:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:54:49, on 06/09/2008
    Platform: Windows 2003 SP2 (WinNT 5.02.3790)
    MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)
    Boot mode: Normal
    
    Running processes:
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\CTXFIHLP.EXE
    C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe
    C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe
    C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\SysWOW64\CTXFISPI.EXE
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Pidgin\pidgin.exe
    C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe
    C:\Program Files (x86)\The KMPlayer1431\KMPlayer.exe
    C:\Program Files (x86)\TrueCrypt\TrueCrypt.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
    
    F2 - REG:system.ini: UserInit=userinit
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r
    O4 - HKLM\..\Run: [Six Engine] "C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe" -r
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
    O4 - HKUS\S-1-5-21-2842628995-3559081299-4084640986-1003\..\Run: [SUPERAntiSpyware] C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\RALINK\Common\RaUI.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dlfvideo.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files (x86)\Free Download Manager\dllink.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
    O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: HTTP SSL (HTTPFilter) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
    O23 - Service: Distributed Transaction Coordinator (MSDTC) - Unknown owner - C:\WINDOWS\system32\msdtc.exe (file missing)
    O23 - Service: Net Logon (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NT LM Security Support Provider (NtLmSsp) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc64.exe (file missing)
    O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe (file missing)
    O23 - Service: IPSEC Services (PolicyAgent) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Protected Storage (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
    O23 - Service: Security Accounts Manager (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Virtual Disk Service (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
    O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)
    
    --
    End of file - 6747 bytes

    Since I have absolutely no idea what else to do and am none the wiser even after days of searching with Google, I am now turning to you. Maybe you can help me; I am willing to try anything.

    Regards
    Carsten
    Last edited by BloodyFanatic (07.09.2008 at 09:42). Reason: CODE instead of QUOTE tags

  2. #2
    Administrator, team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    39.255

    Re: XP x64 keeps restarting

    Hello Carsten,

    while skimming your thread, the following caught my eye: you write "I have Windows XP x64 with SP 2", but the log file says: Platform: Windows 2003 SP2 (WinNT 5.02.3790)
    [°¿°] Ciao, Petra


  3. #3
    Beginner
    Registered since
    06.09.2008
    Posts
    8

    Re: XP x64 keeps restarting

    That is correct as it is, because the 64-bit Windows XP is based on Windows 2003. See Wikipedia: http://en.wikipedia.org/wiki/Windows...al_x64_Edition
    Windows XP 64-bit Edition, Version 2003 — Based on Windows Server 2003 codebase, which added support for the Itanium 2 processor, was released on March 28, 2003.
    Addendum: the hjtscanlist:

    Code:
     
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
                            º                                    º 
                                        hjtscanlist v2.0              
                            º                                    º 
                            $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ 
    
    Microsoft Windows [Version 5.2.3790]
     
     
    C:
    
      06/09/2008 21:06      C:\WINDOWS --------- 0 
      06/09/2008 17:06      C:\Downloads --------- 0 
      06/09/2008 14:46      C:\Program Files --------- 0 
      06/09/2008 13:34      C:\Program Files (x86) --------- 0 
      05/09/2008 10:50      C:\spoolerlogs --------- 0 
      05/09/2008 09:47      C:\mnt --------- 0 
      04/09/2008 15:25      C:\progs --------- 0 
      29/08/2008 17:20      C:\Fraps --------- 0 
      27/08/2008 14:59      C:\RECYCLER --------- 0 
      27/08/2008 14:48      C:\Documents and Settings --------- 0 
      27/08/2008 14:35      C:\Python25 --------- 0 
      27/08/2008 12:30      C:\pagefile.sys --------- 2145386496 
      27/08/2008 11:56      C:\System Volume Information --------- 0 
      27/08/2008 11:52      C:\CONFIG.SYS --------- 0 
      27/08/2008 11:52      C:\AUTOEXEC.BAT --------- 0 
      27/08/2008 11:52      C:\MSDOS.SYS --------- 0 
      27/08/2008 11:52      C:\IO.SYS --------- 0 
      27/08/2008 11:49      C:\boot.ini --------- 213 
      18/02/2007 11:12      C:\ntldr --------- 297072 
      25/03/2005 14:00      C:\NTDETECT.COM --------- 47772 
    ----------------------------------------
    
     
    C:\WINDOWS
    
      07/09/2008 10:19     C:\WINDOWS\WindowsUpdate.log --------- 973506 
      07/09/2008 10:17     C:\WINDOWS\0.log --------- 0 
      07/09/2008 10:17     C:\WINDOWS\bootstat.dat --------- 2048 
      06/09/2008 22:05     C:\WINDOWS\setupapi.log --------- 900767 
      06/09/2008 14:47     C:\WINDOWS\setupact.log --------- 211298 
      02/09/2008 21:20     C:\WINDOWS\spupdsvc.log --------- 2737 
      01/09/2008 23:12     C:\WINDOWS\FaxSetup.log --------- 186323 
      01/09/2008 23:12     C:\WINDOWS\iis6.log --------- 105057 
      01/09/2008 23:12     C:\WINDOWS\tsoc.log --------- 84134 
      01/09/2008 23:12     C:\WINDOWS\comsetup.log --------- 86727 
      01/09/2008 23:12     C:\WINDOWS\ocmsn.log --------- 12589 
      01/09/2008 23:12     C:\WINDOWS\imsins.log --------- 956 
      01/09/2008 23:12     C:\WINDOWS\ntdtcsetup.log --------- 55713 
      01/09/2008 23:12     C:\WINDOWS\KB944338-v2.log --------- 28226 
      01/09/2008 23:12     C:\WINDOWS\ocgen.log --------- 71019 
      01/09/2008 23:12     C:\WINDOWS\msmqinst.log --------- 107278 
      01/09/2008 23:12     C:\WINDOWS\msgsocm.log --------- 11299 
      01/09/2008 23:12     C:\WINDOWS\KB935839.log --------- 27740 
      01/09/2008 23:12     C:\WINDOWS\imsins.BAK --------- 956 
      01/09/2008 23:12     C:\WINDOWS\updspapi.log --------- 13693 
      01/09/2008 23:12     C:\WINDOWS\KB938127.log --------- 26710 
      01/09/2008 23:12     C:\WINDOWS\KB924667-v2.log --------- 24033 
      01/09/2008 23:12     C:\WINDOWS\KB946648.log --------- 26545 
      01/09/2008 23:12     C:\WINDOWS\KB941569.log --------- 27572 
      01/09/2008 23:12     C:\WINDOWS\wmsetup.log --------- 16867 
      01/09/2008 23:12     C:\WINDOWS\KB936357.log --------- 26613 
      01/09/2008 23:12     C:\WINDOWS\KB929123.log --------- 26652 
      01/09/2008 23:12     C:\WINDOWS\KB939683.log --------- 26966 
      01/09/2008 23:11     C:\WINDOWS\KB943055.log --------- 26720 
      01/09/2008 23:11     C:\WINDOWS\KB951072-v2.log --------- 38624 
      01/09/2008 23:11     C:\WINDOWS\KB945553.log --------- 26414 
      01/09/2008 23:11     C:\WINDOWS\KB932168.log --------- 25425 
      01/09/2008 23:11     C:\WINDOWS\KB951698.log --------- 23411 
      01/09/2008 23:11     C:\WINDOWS\KB946026.log --------- 23555 
      01/09/2008 23:11     C:\WINDOWS\KB941693.log --------- 24111 
      01/09/2008 23:11     C:\WINDOWS\KB932596.log --------- 24053 
      01/09/2008 23:11     C:\WINDOWS\KB936782.log --------- 24392 
      01/09/2008 23:11     C:\WINDOWS\KB925902.log --------- 24462 
      01/09/2008 23:11     C:\WINDOWS\KB950762.log --------- 22012 
      01/09/2008 23:11     C:\WINDOWS\KB951376.log --------- 21944 
      01/09/2008 23:11     C:\WINDOWS\KB943460.log --------- 22094 
      01/09/2008 23:11     C:\WINDOWS\KB930178.log --------- 20954 
      01/09/2008 23:11     C:\WINDOWS\KB951748.log --------- 21106 
      01/09/2008 23:10     C:\WINDOWS\KB951066.log --------- 15375 
      01/09/2008 23:10     C:\WINDOWS\KB952954.log --------- 15660 
      01/09/2008 23:10     C:\WINDOWS\KB927891.log --------- 15058 
      01/09/2008 23:10     C:\WINDOWS\KB933729.log --------- 14068 
      01/09/2008 23:10     C:\WINDOWS\KB948590.log --------- 13039 
      01/09/2008 23:10     C:\WINDOWS\KB953838.log --------- 14763 
      01/09/2008 23:10     C:\WINDOWS\KB943485.log --------- 8677 
      01/09/2008 23:10     C:\WINDOWS\KB944653.log --------- 8445 
      01/09/2008 23:10     C:\WINDOWS\KB925398.log --------- 10043 
      01/09/2008 23:10     C:\WINDOWS\KB953839.log --------- 7985 
      01/09/2008 23:10     C:\WINDOWS\KB950974.log --------- 8636 
      01/09/2008 23:10     C:\WINDOWS\KB936021.log --------- 8152 
      01/09/2008 23:10     C:\WINDOWS\KB929399.log --------- 8375 
      01/09/2008 23:10     C:\WINDOWS\KB931261.log --------- 7656 
      01/09/2008 23:09     C:\WINDOWS\KB935840.log --------- 7582 
      27/08/2008 19:24     C:\WINDOWS\DirectX.log --------- 9997 
      27/08/2008 14:48     C:\WINDOWS\OEWABLog.txt --------- 1672 
      27/08/2008 14:42     C:\WINDOWS\PFRO.log --------- 7762 
      27/08/2008 13:47     C:\WINDOWS\regopt.log --------- 1720 
      27/08/2008 13:47     C:\WINDOWS\system.ini --------- 150 
      27/08/2008 13:47     C:\WINDOWS\setuperr.log --------- 0 
      27/08/2008 12:25     C:\WINDOWS\MSCompPackV1.log --------- 3431 
      27/08/2008 12:25     C:\WINDOWS\wmp11-64.log --------- 11602 
      27/08/2008 12:25     C:\WINDOWS\wmsetup10.log --------- 1855 
      27/08/2008 12:25     C:\WINDOWS\win.ini --------- 431 
      27/08/2008 12:25     C:\WINDOWS\WMFDist11-64.log --------- 22075 
      27/08/2008 12:25     C:\WINDOWS\Wudf01000Inst.log --------- 6785 
      27/08/2008 12:08     C:\WINDOWS\DIFx.log --------- 1599 
      27/08/2008 12:03     C:\WINDOWS\nsreg.dat --------- 0 
      27/08/2008 11:55     C:\WINDOWS\setuplog.txt --------- 874042 
      27/08/2008 11:52     C:\WINDOWS\control.ini --------- 0 
      27/08/2008 11:52     C:\WINDOWS\WMSysPr9.prx --------- 316640 
      27/08/2008 11:52     C:\WINDOWS\ODBCINST.INI --------- 4161 
      27/08/2008 11:51     C:\WINDOWS\WindowsShell.Manifest --------- 749 
      27/08/2008 11:50     C:\WINDOWS\sessmgr.setup.log --------- 849 
      27/08/2008 11:50     C:\WINDOWS\vbaddin.ini --------- 37 
      27/08/2008 11:50     C:\WINDOWS\vb.ini --------- 36 
      27/08/2008 11:50     C:\WINDOWS\DtcInstall.log --------- 1328 
      27/08/2008 11:49     C:\WINDOWS\cmsetacl.log --------- 200 
      19/04/2007 08:32     C:\WINDOWS\neoqaz2.dll --------- 8 
      18/02/2007 11:16     C:\WINDOWS\SET3.tmp --------- 1042159 
      18/02/2007 10:59     C:\WINDOWS\regedit.exe --------- 224768 
      18/02/2007 10:58     C:\WINDOWS\SET4.tmp --------- 1110063 
      18/02/2007 10:53     C:\WINDOWS\SET6.tmp --------- 15802 
      18/02/2007 10:46     C:\WINDOWS\adfs.msp --------- 1099264 
      17/02/2007 00:55     C:\WINDOWS\splwow64.exe --------- 38400 
      17/02/2007 00:28     C:\WINDOWS\hh.exe --------- 12288 
      17/02/2007 00:20     C:\WINDOWS\explorer.exe --------- 1364480 
      06/03/2006 15:36     C:\WINDOWS\filespec7x --------- 45 
      25/03/2005 14:00     C:\WINDOWS\desktop.ini --------- 2 
      25/03/2005 14:00     C:\WINDOWS\dialer.exe --------- 72192 
      25/03/2005 14:00     C:\WINDOWS\Soap Bubbles.bmp --------- 65978 
      25/03/2005 14:00     C:\WINDOWS\Prairie Wind.bmp --------- 65954 
      25/03/2005 14:00     C:\WINDOWS\msdfmap.ini --------- 1405 
      25/03/2005 14:00     C:\WINDOWS\Rhododendron.bmp --------- 17362 
      25/03/2005 14:00     C:\WINDOWS\Coffee Bean.bmp --------- 17062 
      25/03/2005 14:00     C:\WINDOWS\twain.dll --------- 94784 
      25/03/2005 14:00     C:\WINDOWS\twain_32.dll --------- 51712 
      25/03/2005 14:00     C:\WINDOWS\twunk_16.exe --------- 49680 
      25/03/2005 14:00     C:\WINDOWS\twunk_32.exe --------- 27136 
      25/03/2005 14:00     C:\WINDOWS\River Sumida.bmp --------- 26680 
      25/03/2005 14:00     C:\WINDOWS\explorer.scf --------- 80 
      25/03/2005 14:00     C:\WINDOWS\FeatherTexture.bmp --------- 16730 
      25/03/2005 14:00     C:\WINDOWS\mib.bin --------- 46907 
      25/03/2005 14:00     C:\WINDOWS\Gone Fishing.bmp --------- 17336 
      25/03/2005 14:00     C:\WINDOWS\Blue Lace 16.bmp --------- 1272 
      25/03/2005 14:00     C:\WINDOWS\winhlp32.exe --------- 285696 
      25/03/2005 14:00     C:\WINDOWS\winnt.bmp --------- 144128 
      25/03/2005 14:00     C:\WINDOWS\winnt256.bmp --------- 144128 
      25/03/2005 14:00     C:\WINDOWS\Greenstone.bmp --------- 26582 
      25/03/2005 14:00     C:\WINDOWS\Santa Fe Stucco.bmp --------- 65832 
      25/03/2005 14:00     C:\WINDOWS\NOTEPAD.EXE --------- 88064 
      25/03/2005 14:00     C:\WINDOWS\Zapotec.bmp --------- 9522 
      03/01/2005 12:18     C:\WINDOWS\CTDVAUDY.CDF --------- 4958588 
      25/06/2004 10:47     C:\WINDOWS\CTDV10K1.CDF --------- 3377466 
      15/11/2001 15:25     C:\WINDOWS\CTDV10K2.CDF --------- 3735544 
    ----------------------------------------
    
     
    C:\WINDOWS\System
    
     07/06/2005 20:58    C:\WINDOWS\System\CRLDS3D.DLL --------- 765952 
    ----------------------------------------
    
     
    C:\WINDOWS\System32
    
     07/09/2008 10:21     C:\WINDOWS\system32\perfh009.dat --------- 471784 
     07/09/2008 10:21     C:\WINDOWS\system32\perfc009.dat --------- 81032 
     07/09/2008 10:21     C:\WINDOWS\system32\PerfStringBackup.INI --------- 561914 
     07/09/2008 10:17     C:\WINDOWS\system32\nvapps.xml --------- 198612 
     06/09/2008 23:52     C:\WINDOWS\system32\BMXStateBkp-{00000004-00000000-00000000-00001102-00000005-00211102}.rfx --------- 61520 
     06/09/2008 23:52     C:\WINDOWS\system32\BMXState-{00000004-00000000-00000000-00001102-00000005-00211102}.rfx --------- 61520 
     06/09/2008 23:52     C:\WINDOWS\system32\DVCState-{00000004-00000000-00000000-00001102-00000005-00211102}.rfx --------- 788 
     06/09/2008 22:05     C:\WINDOWS\system32\CatRoot2 --------- 0 
     06/09/2008 14:47     C:\WINDOWS\system32\drivers --------- 0 
     06/09/2008 14:46     C:\WINDOWS\system32\dllcache --------- 0 
     06/09/2008 14:46     C:\WINDOWS\system32\ReinstallBackups --------- 0 
     05/09/2008 14:57     C:\WINDOWS\system32\DRVSTORE --------- 0 
     02/09/2008 21:20     C:\WINDOWS\system32\wpa.dbl --------- 2206 
     02/09/2008 21:20     C:\WINDOWS\system32\FNTCACHE.DAT --------- 134872 
     01/09/2008 23:12     C:\WINDOWS\system32\settingsbkup.sfm --------- 1080 
     01/09/2008 23:12     C:\WINDOWS\system32\settings.sfm --------- 1080 
     01/09/2008 23:11     C:\WINDOWS\system32\TZLog.log --------- 208256 
     29/08/2008 19:43     C:\WINDOWS\system32\DVCState-{00000002-00000000-00000000-00001102-00000005-00211102}.rfx --------- 788 
     29/08/2008 19:43     C:\WINDOWS\system32\BMXStateBkp-{00000002-00000000-00000000-00001102-00000005-00211102}.rfx --------- 61616 
     29/08/2008 19:43     C:\WINDOWS\system32\BMXState-{00000002-00000000-00000000-00001102-00000005-00211102}.rfx --------- 61616 
     27/08/2008 13:49     C:\WINDOWS\system32\h323log.txt --------- 0 
     27/08/2008 13:47     C:\WINDOWS\system32\pid.PNF --------- 2348 
     27/08/2008 13:47     C:\WINDOWS\system32\CatRoot --------- 0 
     27/08/2008 13:46     C:\WINDOWS\system32\en --------- 0 
     27/08/2008 13:46     C:\WINDOWS\system32\usmt --------- 0 
     27/08/2008 13:45     C:\WINDOWS\system32\Setup --------- 0 
     27/08/2008 13:44     C:\WINDOWS\system32\en-US --------- 0 
     27/08/2008 13:44     C:\WINDOWS\system32\ras --------- 0 
     27/08/2008 13:44     C:\WINDOWS\system32\spool --------- 0 
     27/08/2008 13:44     C:\WINDOWS\system32\icsxml --------- 0 
     27/08/2008 13:44     C:\WINDOWS\system32\npp --------- 0 
     27/08/2008 13:43     C:\WINDOWS\system32\1033 --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\mui --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\1031 --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\1028 --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\1025 --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\2052 --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\1037 --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\IME --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\3076 --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\1054 --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\1041 --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\1042 --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\3com_dmi --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\ShellExt --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\wins --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\dhcp --------- 0 
     27/08/2008 13:42     C:\WINDOWS\system32\export --------- 0 
     27/08/2008 12:25     C:\WINDOWS\system32\LogFiles --------- 0 
     27/08/2008 12:15     C:\WINDOWS\system32\wrap_oal.dll --------- 419840 
     27/08/2008 12:15     C:\WINDOWS\system32\OpenAL32.dll --------- 133632 
     27/08/2008 12:14     C:\WINDOWS\system32\Data --------- 0 
     27/08/2008 12:00     C:\WINDOWS\system32\config --------- 0 
     27/08/2008 11:57     C:\WINDOWS\system32\SoftwareDistribution --------- 0 
     27/08/2008 11:56     C:\WINDOWS\system32\Restore --------- 0 
     27/08/2008 11:56     C:\WINDOWS\system32\Microsoft --------- 0 
     27/08/2008 11:55     C:\WINDOWS\system32\$winnt$.inf --------- 1036 
     27/08/2008 11:52     C:\WINDOWS\system32\wbem --------- 0 
     27/08/2008 11:52     C:\WINDOWS\system32\clients --------- 0 
     27/08/2008 11:52     C:\WINDOWS\system32\inetsrv --------- 0 
     27/08/2008 11:51     C:\WINDOWS\system32\sapi.cpl.manifest --------- 749 
     27/08/2008 11:51     C:\WINDOWS\system32\nwc.cpl.manifest --------- 749 
     27/08/2008 11:51     C:\WINDOWS\system32\ncpa.cpl.manifest --------- 749 
     27/08/2008 11:51     C:\WINDOWS\system32\wuaucpl.cpl.manifest --------- 749 
     27/08/2008 11:51     C:\WINDOWS\system32\cdplayer.exe.manifest --------- 749 
     27/08/2008 11:51     C:\WINDOWS\system32\oobe --------- 0 
     27/08/2008 11:50     C:\WINDOWS\system32\Com --------- 0 
     27/08/2008 11:50     C:\WINDOWS\system32\emptyregdb.dat --------- 22588 
     27/08/2008 11:50     C:\WINDOWS\system32\MsDtc --------- 0 
     05/08/2008 11:12     C:\WINDOWS\system32\MRT.exe --------- 17084536 
     02/08/2008 12:20     C:\WINDOWS\system32\nvmctray.dll --------- 75776 
     02/08/2008 12:20     C:\WINDOWS\system32\nvoglnt.dll --------- 13173248 
     02/08/2008 12:20     C:\WINDOWS\system32\nvmccssr.dll --------- 448512 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrsar.dll --------- 331776 
     02/08/2008 12:20     C:\WINDOWS\system32\nvmccss.dll --------- 283136 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrscs.dll --------- 245760 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrsda.dll --------- 253952 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrsde.dll --------- 278528 
     02/08/2008 12:20     C:\WINDOWS\system32\nvmccsrs.dll --------- 35328 
     02/08/2008 12:20     C:\WINDOWS\system32\nvmccs.dll --------- 258560 
     02/08/2008 12:20     C:\WINDOWS\system32\nview64.dll --------- 1275904 
     02/08/2008 12:20     C:\WINDOWS\system32\nvgamesr.dll --------- 3447808 
     02/08/2008 12:20     C:\WINDOWS\system32\nvgames.dll --------- 5041664 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrseng.dll --------- 245760 
     02/08/2008 12:20     C:\WINDOWS\system32\nvdispsr.dll --------- 5790720 
     02/08/2008 12:20     C:\WINDOWS\system32\nvdisps.dll --------- 4319232 
     02/08/2008 12:20     C:\WINDOWS\system32\nvdisp.nvu --------- 18335 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrses.dll --------- 282624 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrsesm.dll --------- 274432 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrsfi.dll --------- 249856 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrsfr.dll --------- 282624 
     02/08/2008 12:20     C:\WINDOWS\system32\nvcuda.dll --------- 2007040 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrshe.dll --------- 331776 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrshu.dll --------- 258048 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrsit.dll --------- 278528 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrsja.dll --------- 270336 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrsko.dll --------- 262144 
     02/08/2008 12:20     C:\WINDOWS\system32\nvrsnl.dll --------- 274432 
     02/08/2008 12:20     C:\WINDOWS\system32\nvnt4cpl.dll --------- 292864 
     02/08/2008 12:20     C:\WINDOWS\system32\nvcpluir.dll --------- 1097248 
    ----------------------------------------
    
     
    C:\WINDOWS\Prefetch
    
     07/09/2008 10:26     C:\WINDOWS\Prefetch\VERCLSID.EXE-3667BD89.pf --------- 24276 
     07/09/2008 10:25     C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf --------- 44856 
     07/09/2008 10:25     C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf --------- 85542 
     07/09/2008 10:25     C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf --------- 59880 
     07/09/2008 10:25     C:\WINDOWS\Prefetch\7ZG.EXE-04CCF0C9.pf --------- 12884 
     07/09/2008 10:25     C:\WINDOWS\Prefetch\7ZFM.EXE-0E30BD4B.pf --------- 40908 
     07/09/2008 10:21     C:\WINDOWS\Prefetch\WMIADAP.EXE-2DF425B2.pf --------- 30800 
     07/09/2008 10:19     C:\WINDOWS\Prefetch\FIREFOX.EXE-36A2037F.pf --------- 61254 
     07/09/2008 10:18     C:\WINDOWS\Prefetch\AVAST.SETUP-032170A8.pf --------- 76588 
     07/09/2008 10:18     C:\WINDOWS\Prefetch\PIDGIN.EXE-2B62BC81.pf --------- 106936 
     07/09/2008 10:18     C:\WINDOWS\Prefetch\FLASHGOT.EXE-325EF7C2.pf --------- 20236 
     07/09/2008 10:18     C:\WINDOWS\Prefetch\SSUPDATE.EXE-02FA9CA9.pf --------- 40190 
     07/09/2008 10:18     C:\WINDOWS\Prefetch\THUNDERBIRD.EXE-351FDE08.pf --------- 121320 
     07/09/2008 10:18     C:\WINDOWS\Prefetch\JUSCHED.EXE-2EF54684.pf --------- 16326 
     07/09/2008 10:18     C:\WINDOWS\Prefetch\SIXENGINE.EXE-27B776BC.pf --------- 51388 
     07/09/2008 10:18     C:\WINDOWS\Prefetch\CTXFISPI.EXE-0C0481BA.pf --------- 24662 
     07/09/2008 10:18     C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf --------- 1001868 
     06/09/2008 23:43     C:\WINDOWS\Prefetch\CONSOLCU.EXE-15AEEF96.pf --------- 74136 
     06/09/2008 23:42     C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf --------- 106024 
     06/09/2008 23:27     C:\WINDOWS\Prefetch\SPOOLSV.EXE-282F76A7.pf --------- 9122 
     06/09/2008 23:15     C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf --------- 17846 
     06/09/2008 22:54     C:\WINDOWS\Prefetch\NOTEPAD.EXE-01697EAB.pf --------- 16246 
     06/09/2008 22:54     C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-23F80748.pf --------- 49540 
     06/09/2008 22:52     C:\WINDOWS\Prefetch\SHUTDOWN.EXE-12DAD820.pf --------- 7766 
     06/09/2008 22:37     C:\WINDOWS\Prefetch\SCRIPT-FU.EXE-09B56D04.pf --------- 73348 
     06/09/2008 22:37     C:\WINDOWS\Prefetch\GIMP-2.4.EXE-38B407B3.pf --------- 84082 
     06/09/2008 22:28     C:\WINDOWS\Prefetch\RUNDLL32.EXE-2A94BB85.pf --------- 19806 
     06/09/2008 22:28     C:\WINDOWS\Prefetch\RUNDLL32.EXE-2E5AF1D7.pf --------- 19722 
     06/09/2008 21:48     C:\WINDOWS\Prefetch\KMPLAYER.EXE-1C594F3B.pf --------- 44274 
     06/09/2008 21:47     C:\WINDOWS\Prefetch\WMPLAYER.EXE-071838B5.pf --------- 87982 
     06/09/2008 21:47     C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf --------- 9188 
     06/09/2008 21:40     C:\WINDOWS\Prefetch\TITAN QUEST.EXE-006ADA25.pf --------- 68040 
     06/09/2008 21:37     C:\WINDOWS\Prefetch\VLC.EXE-1BBF2178.pf --------- 134382 
     06/09/2008 21:36     C:\WINDOWS\Prefetch\DAEMON.EXE-32F4CED0.pf --------- 51248 
     06/09/2008 21:07     C:\WINDOWS\Prefetch\PG2.EXE-261CD56D.pf --------- 15526 
     06/09/2008 21:07     C:\WINDOWS\Prefetch\RAUI.EXE-3B2F4D89.pf --------- 33184 
     06/09/2008 21:07     C:\WINDOWS\Prefetch\VOLPANLU.EXE-36922D68.pf --------- 57952 
     06/09/2008 21:07     C:\WINDOWS\Prefetch\TSVNCACHE.EXE-2D798823.pf --------- 36254 
     06/09/2008 21:07     C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf --------- 67138 
     06/09/2008 21:07     C:\WINDOWS\Prefetch\RUNDLL32.EXE-1340EF7F.pf --------- 20778 
     06/09/2008 21:07     C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf --------- 24190 
     06/09/2008 21:07     C:\WINDOWS\Prefetch\RUNONCE.EXE-2BF9A907.pf --------- 40502 
     06/09/2008 21:07     C:\WINDOWS\Prefetch\NWIZ.EXE-2D0F9FBC.pf --------- 23700 
     06/09/2008 21:07     C:\WINDOWS\Prefetch\NVCPL32.EXE-36672BC4.pf --------- 5286 
     06/09/2008 21:07     C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf --------- 106494 
     06/09/2008 17:06     C:\WINDOWS\Prefetch\FDM.EXE-14FC5E2D.pf --------- 78132 
     06/09/2008 14:47     C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf --------- 10362 
     06/09/2008 14:46     C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf --------- 20404 
     06/09/2008 14:46     C:\WINDOWS\Prefetch\SETUP.EXE-393E66AE.pf --------- 33012 
     06/09/2008 14:43     C:\WINDOWS\Prefetch\RUNDLL32.EXE-24DBE541.pf --------- 29806 
     06/09/2008 14:39     C:\WINDOWS\Prefetch\ASHDISP.EXE-0B874892.pf --------- 28876 
     06/09/2008 14:39     C:\WINDOWS\Prefetch\CTHELPER.EXE-0DF73058.pf --------- 64972 
     06/09/2008 14:39     C:\WINDOWS\Prefetch\CTXFIHLP.EXE-010AB1B4.pf --------- 30554 
     06/09/2008 14:39     C:\WINDOWS\Prefetch\REGSVR32.EXE-0643B702.pf --------- 21554 
     06/09/2008 14:39     C:\WINDOWS\Prefetch\SUPERANTISPYWARE.EXE-28981A96.pf --------- 62466 
     06/09/2008 13:33     C:\WINDOWS\Prefetch\VUZE_WINDOWS.EXE-1219BA2F.pf --------- 48136 
     06/09/2008 13:33     C:\WINDOWS\Prefetch\JAVA.EXE-0C90741D.pf --------- 23288 
     06/09/2008 13:32     C:\WINDOWS\Prefetch\IS-LPM69.TMP-2256B058.pf --------- 21282 
     06/09/2008 13:32     C:\WINDOWS\Prefetch\PG2-050918-X64.EXE-04420F51.pf --------- 19794 
     06/09/2008 13:32     C:\WINDOWS\Prefetch\AU_.EXE-366C14EE.pf --------- 39168 
     06/09/2008 13:32     C:\WINDOWS\Prefetch\UNINSTALL.EXE-04B7409D.pf --------- 16826 
     06/09/2008 13:29     C:\WINDOWS\Prefetch\CONVERT.EXE-06836DBF.pf --------- 20062 
     06/09/2008 13:28     C:\WINDOWS\Prefetch\MIRO_MOVIEDATA.EXE-3B4854BF.pf --------- 34986 
     06/09/2008 13:26     C:\WINDOWS\Prefetch\MIRO_DOWNLOADER.EXE-1E8DC6CD.pf --------- 44674 
     06/09/2008 13:26     C:\WINDOWS\Prefetch\MIRO.EXE-2E3F42F0.pf --------- 105856 
     06/09/2008 13:26     C:\WINDOWS\Prefetch\MIRO.EXE-0DCB2E31.pf --------- 13652 
     06/09/2008 13:25     C:\WINDOWS\Prefetch\MIRO_INSTALLER.EXE-068D06BF.pf --------- 53142 
     06/09/2008 12:09     C:\WINDOWS\Prefetch\WAR EUROPE DOWNLOADER.EXE-10C3A1C8.pf --------- 71930 
     06/09/2008 12:05     C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf --------- 134542 
     06/09/2008 12:02     C:\WINDOWS\Prefetch\DUMPREP.EXE-1478FF4E.pf --------- 12800 
     06/09/2008 11:59     C:\WINDOWS\Prefetch\WAR EUROPE DOWNLOADER.EXE-061C96A6.pf --------- 51636 
     06/09/2008 11:50     C:\WINDOWS\Prefetch\IEXPLORE.EXE-2A67037C.pf --------- 57186 
     06/09/2008 11:50     C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf --------- 70570 
     06/09/2008 10:35     C:\WINDOWS\Prefetch\WMPSHARE.EXE-068AA591.pf --------- 51392 
     06/09/2008 10:34     C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf --------- 33938 
     06/09/2008 10:08     C:\WINDOWS\Prefetch\Layout.ini --------- 345624 
     06/09/2008 10:03     C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf --------- 71912 
     06/09/2008 00:08     C:\WINDOWS\Prefetch\CACLS.EXE-05376814.pf --------- 9826 
     05/09/2008 18:25     C:\WINDOWS\Prefetch\VERCLSID.EXE-16BC765C.pf --------- 17692 
     05/09/2008 18:24     C:\WINDOWS\Prefetch\MSIEXEC.EXE-054243A6.pf --------- 61712 
     05/09/2008 18:24     C:\WINDOWS\Prefetch\SUPERANTISPYWARE.EXE-3851FA4F.pf --------- 63040 
     05/09/2008 18:24     C:\WINDOWS\Prefetch\ASHDISP.EXE-24136137.pf --------- 28840 
     05/09/2008 15:08     C:\WINDOWS\Prefetch\PING.EXE-31216D26.pf --------- 9430 
     05/09/2008 14:57     C:\WINDOWS\Prefetch\AEGISI5.EXE-01F01AD5.pf --------- 34024 
     05/09/2008 14:57     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3A8CD514.pf --------- 16406 
     05/09/2008 14:57     C:\WINDOWS\Prefetch\INSTALL.EXE-29BA1D8B.pf --------- 51032 
     05/09/2008 14:56     C:\WINDOWS\Prefetch\WINX64.EXE-0C193985.pf --------- 4590 
     05/09/2008 13:44     C:\WINDOWS\Prefetch\HJTINSTALL.EXE-160E4828.pf --------- 36806 
     05/09/2008 13:24     C:\WINDOWS\Prefetch\MSCONFIG.EXE-35E4DAE9.pf --------- 32296 
     05/09/2008 12:52     C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf --------- 44012 
     05/09/2008 12:52     C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf --------- 66952 
     05/09/2008 12:52     C:\WINDOWS\Prefetch\MSINFO32.EXE-29BA7538.pf --------- 23326 
     05/09/2008 12:48     C:\WINDOWS\Prefetch\HH.EXE-2D1A70B3.pf --------- 45510 
     05/09/2008 12:45     C:\WINDOWS\Prefetch\CL.EXE-316A15E5.pf --------- 38916 
     05/09/2008 12:45     C:\WINDOWS\Prefetch\VCEXPRESS.EXE-1F2EB8A8.pf --------- 85918 
     05/09/2008 12:45     C:\WINDOWS\Prefetch\VSLAUNCHER.EXE-1239154F.pf --------- 18124 
     05/09/2008 12:44     C:\WINDOWS\Prefetch\VCBUILDHELPER.EXE-233E5D6D.pf --------- 8458 
     05/09/2008 11:18     C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf --------- 38314 
     05/09/2008 11:18     C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf --------- 13020 
     05/09/2008 10:57     C:\WINDOWS\Prefetch\SOFFICE.EXE-09A0B28C.pf --------- 38140 
     05/09/2008 10:57     C:\WINDOWS\Prefetch\SOFFICE.BIN-119047B3.pf --------- 56648 
     05/09/2008 10:57     C:\WINDOWS\Prefetch\SCALC.EXE-36CB01EC.pf --------- 13460 
     05/09/2008 10:53     C:\WINDOWS\Prefetch\STCLIENT_WRAPPER.EXE-14995475.pf --------- 13132 
     05/09/2008 10:52     C:\WINDOWS\Prefetch\SWRITER.EXE-0CBD15CD.pf --------- 20084 
     05/09/2008 10:43     C:\WINDOWS\Prefetch\LINK.EXE-23B354DF.pf --------- 112050 
     05/09/2008 10:41     C:\WINDOWS\Prefetch\MT.EXE-16109A49.pf --------- 66896 
     05/09/2008 10:41     C:\WINDOWS\Prefetch\CMD.EXE-2D711B34.pf --------- 12450 
     05/09/2008 10:30     C:\WINDOWS\Prefetch\MSPDBSRV.EXE-280CD834.pf --------- 43722 
     05/09/2008 10:20     C:\WINDOWS\Prefetch\PHRAGAGAME.EXE-07735EF3.pf --------- 94364 
     05/09/2008 10:19     C:\WINDOWS\Prefetch\NOTEPAD++.EXE-02A8A383.pf --------- 46482 
     05/09/2008 10:19     C:\WINDOWS\Prefetch\GUP.EXE-2E4D4C90.pf --------- 20264 
     05/09/2008 10:03     C:\WINDOWS\Prefetch\WMPLAYER.EXE-071838B4.pf --------- 95872 
     05/09/2008 09:58     C:\WINDOWS\Prefetch\XCOPY.EXE-21FC761A.pf --------- 21520 
     05/09/2008 09:49     C:\WINDOWS\Prefetch\DMADMIN.EXE-00BCB146.pf --------- 21842 
     05/09/2008 09:49     C:\WINDOWS\Prefetch\VDS.EXE-0504BAFA.pf --------- 26208 
     05/09/2008 09:49     C:\WINDOWS\Prefetch\VDSLDR.EXE-25D66D3B.pf --------- 24800 
     05/09/2008 09:49     C:\WINDOWS\Prefetch\MMC.EXE-0A5AF4A1.pf --------- 79934 
     05/09/2008 09:46     C:\WINDOWS\Prefetch\RUNDLL32.EXE-147710F4.pf --------- 38108 
     05/09/2008 09:34     C:\WINDOWS\Prefetch\RUNDLL32.EXE-3C60B6AD.pf --------- 11420 
     05/09/2008 09:33     C:\WINDOWS\Prefetch\RUNDLL32.EXE-24403076.pf --------- 19390 
     05/09/2008 09:33     C:\WINDOWS\Prefetch\RUNDLL32.EXE-44C091B4.pf --------- 32476 
     05/09/2008 09:01     C:\WINDOWS\Prefetch\QT-WIN-OPENSOURCE-4.4.1-MINGW-326CFEF6.pf --------- 52940 
     04/09/2008 20:32     C:\WINDOWS\Prefetch\RUNDLL32.EXE-143AED1A.pf --------- 43014 
     04/09/2008 20:32     C:\WINDOWS\Prefetch\RFSTOOL.EXE-14746E55.pf --------- 10304 
     04/09/2008 20:31     C:\WINDOWS\Prefetch\YAREG.EXE-36F0FAB4.pf --------- 53578 
     04/09/2008 20:02     C:\WINDOWS\Prefetch\IMGBURN.EXE-3B294CA7.pf --------- 40830 
     04/09/2008 16:50     C:\WINDOWS\Prefetch\FOXITR~1.EXE-22968BE1.pf --------- 59036 
     04/09/2008 14:43     C:\WINDOWS\Prefetch\CHROME.EXE-15605B27.pf --------- 67236 
     04/09/2008 14:37     C:\WINDOWS\Prefetch\WOW_HELPER.EXE-211F5BA3.pf --------- 4204 
     04/09/2008 12:01     C:\WINDOWS\Prefetch\RUNDLL32.EXE-35A483DA.pf --------- 23472 
    ----------------------------------------
    
     
    C:\WINDOWS\Tasks
    
     07/09/2008 10:17     C:\WINDOWS\Tasks\SA.DAT --------- 6 
     06/09/2008 23:52     C:\WINDOWS\Tasks\SchedLgU.Txt --------- 15694 
     25/03/2005 14:00     C:\WINDOWS\Tasks\desktop.ini --------- 65 
    ----------------------------------------
    
     
    C:\WINDOWS\Temp
    
     07/09/2008 10:17     C:\WINDOWS\Temp\_avast4_ --------- 0 
     13/03/2007 10:33     C:\WINDOWS\Temp\ctpxst64.exe --------- 99064 
     13/03/2007 10:32     C:\WINDOWS\Temp\ctpxst32.exe --------- 89336 
     26/02/2007 15:34     C:\WINDOWS\Temp\cttele64.dll --------- 102912 
     26/02/2007 15:24     C:\WINDOWS\Temp\cttele32.dll --------- 94208 
    ----------------------------------------
    
     
    C:\DOCUME~1\Carsten\LOCALS~1\Temp
    
     07/09/2008 10:18      C:\DOCUME~1\Carsten\LOCALS~1\Temp\etilqs_acTMSfALyZwg4NeldZNW --------- 28700 
     07/09/2008 10:17      C:\DOCUME~1\Carsten\LOCALS~1\Temp\~DF72F0.tmp --------- 65536 
     06/09/2008 13:33      C:\DOCUME~1\Carsten\LOCALS~1\Temp\~DFC0E7.tmp --------- 114688 
     06/09/2008 12:00      C:\DOCUME~1\Carsten\LOCALS~1\Temp\~DF768B.tmp --------- 311296 
     03/09/2008 01:40      C:\DOCUME~1\Carsten\LOCALS~1\Temp\~DF9159.tmp --------- 16384 
     30/08/2008 21:11      C:\DOCUME~1\Carsten\LOCALS~1\Temp\~DFA892.tmp --------- 65536 
     29/08/2008 19:52      C:\DOCUME~1\Carsten\LOCALS~1\Temp\etilqs_CL6OFe8aoQIYQ3ZkeM81 --------- 28700 
     29/08/2008 18:42      C:\DOCUME~1\Carsten\LOCALS~1\Temp\~DFEC3A.tmp --------- 49152 
     28/08/2008 21:35      C:\DOCUME~1\Carsten\LOCALS~1\Temp\etilqs_G2B8MZOWXLGVzZ1mDgPS --------- 28700 
    ----------------------------------------
    
     
    C:\Program Files
    
    ----------------------------------------
    
     
    C:\Documents and Settings\All Users\.. 
    
    Carsten    
    Administrator    
    Admin    
    LocalService    
    NetworkService    
    Default User    
    All Users    
    ----------------------------------------
    
     
    C:\WINDOWS\system32\drivers\etc\hosts
    
    127.0.0.1       localhost
    
    ----------------------------------------
    
     
    
    Image Name                     PID Session Name        Session#    Mem Usage
    ========================= ======== ================ =========== ============
    System Idle Process              0 Console                    0         24 K
    System                           4 Console                    0        260 K
    smss.exe                       336 Console                    0        660 K
    csrss.exe                      384 Console                    0      4,820 K
    winlogon.exe                   408 Console                    0      4,956 K
    services.exe                   456 Console                    0      5,172 K
    lsass.exe                      468 Console                    0      2,508 K
    svchost.exe                    648 Console                    0      3,892 K
    svchost.exe                    716 Console                    0      5,120 K
    svchost.exe                    760 Console                    0     33,016 K
    svchost.exe                    800 Console                    0      6,540 K
    svchost.exe                    844 Console                    0      7,332 K
    aswUpdSv.exe                   872 Console                    0        360 K
    ashServ.exe                    892 Console                    0     10,768 K
    spoolsv.exe                   1172 Console                    0      6,716 K
    CTAudSvc.exe                  1212 Console                    0      5,112 K
    explorer.exe                  1460 Console                    0     39,080 K
    TSVNCache.exe                 1624 Console                    0     14,160 K
    rundll32.exe                  1680 Console                    0      4,472 K
    ProfilerU.exe                 1708 Console                    0      5,192 K
    SaiMfd.exe                    1716 Console                    0      4,028 K
    SUPERAntiSpyware.exe          1740 Console                    0        960 K
    pg2.exe                       1768 Console                    0      3,512 K
    ashDisp.exe                   1792 Console                    0      1,856 K
    CtHelper.exe                  1816 Console                    0      6,088 K
    Ctxfihlp.exe                  1824 Console                    0      7,436 K
    VolPanlu.exe                  1832 Console                    0     15,696 K
    RaUI.exe                      1864 Console                    0      8,736 K
    SixEngine.exe                 1872 Console                    0     21,456 K
    svchost.exe                   1988 Console                    0      3,108 K
    jusched.exe                   1996 Console                    0      4,448 K
    nvsvc64.exe                    244 Console                    0      5,128 K
    svchost.exe                    168 Console                    0      4,756 K
    CTxfispi.exe                  2288 Console                    0     11,008 K
    ashMaiSv.exe                  2504 Console                    0      1,328 K
    wmiprvse.exe                  2516 Console                    0      7,740 K
    alg.exe                       2776 Console                    0      4,248 K
    firefox.exe                   2888 Console                    0    112,908 K
    thunderbird.exe               2932 Console                    0     32,156 K
    pidgin.exe                    2984 Console                    0      6,768 K
    cmd.exe                       1324 Console                    0      4,004 K
    wmiprvse.exe                  1596 Console                    0      7,372 K
    tasklist.exe                   428 Console                    0      5,196 K
    
     
    ***** Ende des Scans 07/09/2008 um 10:27:02.85 ***
    Last edited by BloodyFanatic (07.09.2008 at 09:27)

  4. #4
    Administrator, team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    39.255

    Re: XP x64 keeps restarting

    Hello Carsten,

    thank you, I've learned something new again.

    Cleaning a system can be laborious and may involve some work for you. Before we start, here are a few tedious but important points to keep in mind: respect our forum rules and don't be too impatient if it takes a little longer for us to reply.

    It is important that you keep working with us until all points have been completed and the signal comes that the cleanup is finished, even if the symptoms have perhaps already disappeared after the first actions. If something is unclear to you or something does not work (as planned), please ask before you continue. Please post all log files in code tags. You can add to, change or delete your posts at any time via the "Edit" button. Important: during our cleanup phase, only install programs and run scans that we instruct you to. Vista users: please always start all programs and tools that we instruct you to use with a right-click and "Run as administrator".

    If you are ready for that, work through the following points in the given order and report back to me on each point whether you have completed it and which problems, if any, occurred.

    ===== Point 1 =====

    Check system details with RSIT
    • Download Random's System Information Tool (RSIT) from random/random,
    • save it to your desktop.
    • Start RSIT.exe with a double-click.
    • Click Continue to accept the terms of use.
    • If you do not have HijackThis installed, RSIT will download and install it for you.
    • In that case please also accept Trend Micro's terms of use for HJT ("I accept").
    • If your firewall asks, please allow RSIT to access the network.
    • The scan starts automatically; RSIT now checks some important system areas and produces log files as the basis for analysis.
    • When the scan has finished, two log files are created and opened in your editor.
    • Please post the contents of C:\rsit\log.txt and C:\rsit\info.txt (<= minimized) here in the thread.

    • For any necessary follow-up scans, always start the tool as follows:
    • Start => Run => "%userprofile%\desktop\rsit.exe" /info (paste it in),
      so that the old log files are overwritten.

    ===== Point 2 =====

    Check whether the Master Boot Record is OK (MBR rootkit)
    • Download MBR.exe from Gmer and
    • save the program to your desktop.
    • Double-click the program to start it.
    • If your antivirus program raises an alert, please ignore it or allow the action.
    • You will now find a log file named mbr.log on your desktop.
    • Post the contents of this log file here in the thread.

    ===== Point 3 =====

    Rootkit search

    What are rootkits?
    Well, rootkits are special (mostly malicious) software packages with a particularly unpleasant property: these friendly fellows 'bend' internal control structures of Windows in such a way that they can hide very stubbornly. Once a rootkit is active, it can be difficult to impossible to track down the associated processes and files from within the running system, because the rootkit lies through its teeth in the background - such a system is no longer trustworthy. That is why 'normal' antivirus programs find nothing and report "Everything OK" - but appearances are deceptive.
    Some scans for files, processes and registry entries that are hidden from most other scanners (by a so-called rootkit). During these scans:
    • all other scanners for viruses, spyware, etc. should be disabled,
    • there should be no connection to a network/the Internet (don't forget WLAN),
    • nothing should be done on the computer,
    • the computer should be restarted after each scan.

    Run a Gmer scan
    • Download Gmer from this page and unpack it to the desktop.
    • Start gmer.exe. All other programs should be closed.
    • Start the scan with "Scan". Do nothing on the computer while the scan is running.
    • When the scan has finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
    • Paste the log from the clipboard into your reply here.

    Run a Catchme scan
    • Download Catchme to the desktop.
    • Start Catchme.exe. All other programs should be closed. Start with "Scan".
    • If files are listed in the window after the scan has ended, click "Zip" so that a copy of these files is created. The files are not removed in the process.
    • The log is in catchme.log; paste it in full into your reply.

    Run a RootkitRevealer scan
    • Download RootkitRevealer and unpack the archive into a folder of its own, e.g. C:\Programme\Rootkitrevealer.
    • Start RootkitRevealer.exe in this folder. Close all other programs.
    • Start by clicking "Scan".
    • When the scan has finished, save the log file with File => Save.

    Run a Blacklight scan
    • Download F-Secure Blacklight (see Downloads, quite far down) into a folder of its own, e.g. C:\Programme\Blacklight. If the download does not work, try this or this link (outdated version, but the current version will be downloaded afterwards).
    • Start fsbl.exe in this folder. Close all other programs.
    • Click "I accept the agreement", "next", "Scan".
    • When the scan has finished, close Blacklight with "Close".
    • In the Blacklight directory you will find the generated log fsbl-XXX.log; in place of the XXX there is a longer sequence of digits.

    Switch your antivirus program and other scanners back on before you go online!

    Now post all logs in code tags.
    [°¿°] Ciao, Petra

    New here? Please work through this! | Malware cleanup | Forum rules
    Back up your data! | Training | No support via PM or e-mail! | Thanks
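
    The hiding behaviour described under point 3 is what cross-view scanners such as RootkitRevealer look for: they compare what the Windows API reports with a raw parse of the same data. The Python sketch below is an added illustration, not part of the original post and not any tool's own code; the entry lists, the scan window and the verdict names are constructed assumptions. It also shows why nothing should be done on the computer while such a scan runs.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    path: str     # file path or registry key as reported by one view
    mtime: float  # last-write time in seconds (same clock as the scan window)


def _norm(path: str) -> str:
    # Windows paths and registry keys compare case-insensitively.
    return path.replace("/", "\\").rstrip("\\").casefold()


def cross_view_diff(api_view, raw_view, scan_start, scan_end):
    """Compare the OS API listing with a raw parse of the disk or hive.

    Returns (path, verdict) tuples. The triage by last-write time is an
    assumption of this sketch, not a documented heuristic of any scanner.
    """
    api = {_norm(e.path): e for e in api_view}
    raw = {_norm(e.path): e for e in raw_view}
    findings = []

    # Present on disk but not reported by the API: the interesting case.
    for key in sorted(raw.keys() - api.keys()):
        entry = raw[key]
        if scan_start <= entry.mtime <= scan_end:
            # Written while the two passes were running: most likely normal
            # activity, which is why the machine must stay idle during a scan.
            verdict = "changed-during-scan"
        else:
            verdict = "hidden-from-api"
        findings.append((entry.path, verdict))

    # Reported by the API but absent from the raw pass: rescan before judging.
    for key in sorted(api.keys() - raw.keys()):
        findings.append((api[key].path, "api-only"))
    return findings


# Constructed sample data (not taken from the logs in this thread).
SCAN_START, SCAN_END = 1000.0, 1060.0
API_VIEW = [
    Entry(r"C:\WINDOWS\system32\drivers\etc\hosts", 100.0),
    Entry(r"c:\windows\TEMP\~DFAAAA.tmp", 1010.0),
]
RAW_VIEW = [
    Entry(r"C:\Windows\System32\Drivers\etc\hosts", 100.0),
    Entry(r"C:\WINDOWS\system32\drivers\example_hidden.sys", 200.0),
    Entry(r"C:\WINDOWS\Temp\scan.tmp", 1005.0),
]


def demo():
    return cross_view_diff(API_VIEW, RAW_VIEW, SCAN_START, SCAN_END)


if __name__ == "__main__":
    for path, verdict in demo():
        print(f"{verdict:20} {path}")
```

    Only the "hidden-from-api" entry warrants follow-up from a clean boot medium; the other two verdicts are the kind of noise that an idle, offline machine keeps to a minimum.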

  5. #5
    Beginner
    Registered since
    06.09.2008
    Posts
    8

    Re: XP x64 keeps restarting

    So:

    Point 1:
    Downloaded RSIT and tried to run it: the program crashed. HJT is installed (it already was before). I took a screenshot of the error; it is attached.

    Point 2:

    Code:
    Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net
    
    device: opened successfully
    user: MBR read successfully
    kernel: error reading MBR

    Point 3:

    Had Gmer scan all partitions, without an Internet connection and without a running antivirus scanner. I don't know exactly how long it ran, but it seems to have hung while doing so. In any case it had filled 1.6 GB of RAM and no longer responded (see also the attachment).

    *restart*

    catchme log:

    Code:
    detected NTDLL code modification:
    ZwEnumerateKey 0 != 47, ZwQueryKey 0 != 19, ZwOpenKey 0 != 15, ZwClose 0 != 12, ZwEnumerateValueKey 0 != 16, ZwQueryValueKey 0 != 20, ZwOpenFile 0 != 48, ZwQueryDirectoryFile 0 != 50, ZwQuerySystemInformation 0 != 51Initialization error

    *restart*

    RootkitRevealer does not even start, no idea why not.
    (downloaded, unpacked and run without any other programs running)

    *restart*

    blacklight log:

    Code:
    09/07/08 12:02:05 [Info]: BlackLight Engine 1.0.70 initialized
    09/07/08 12:02:05 [Info]: OS: 5.2 build 3790 (Service Pack 2)
    09/07/08 12:02:05 [Note]: 7019 4
    09/07/08 12:02:05 [Note]: 7005 0
    09/07/08 12:02:07 [Note]: 7006 0
    09/07/08 12:02:07 [Note]: 7027 0
    09/07/08 12:02:07 [Note]: 7035 0
    09/07/08 12:02:07 [Note]: 7026 0
    09/07/08 12:02:07 [Note]: 7026 0
    09/07/08 12:02:08 [Note]: FSRAW library version 1.7.1024
    09/07/08 12:02:44 [Note]: 2000 1012
    09/07/08 12:02:50 [Note]: 7007 0

    Kind regards,
    Carsten
    Attached thumbnails: XP x64 startet ständig neu-gmer_fehler.jpg   XP x64 startet ständig neu-rsit_fehler.png

  6. #6
    Administrator, team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    39.255

    Re: XP x64 keeps restarting

    OK, then we have to try a different tool.

    System scan with OtViewIt

    Please download OtViewIt by OldTimer and save the program to your desktop.
    1. Close all applications, including the browser.
    2. Do nothing else on the computer during the scan and do not click in the program window.
    3. Start the program by double-clicking OTViewIt.exe.
    4. Tick "Scan All Users".
    5. Click the "Run Scan" button at the top left to start the examination
      (please do not change any settings unless instructed to).
    6. The program will check some important areas of your system and create two reports.
      Let the program scan undisturbed until it has finished.
    7. When the scan has been carried out (Scan complete!), the editor opens with a log file.
    8. The log files are saved under
      C:\Dokumente und Einstellungen\<Benutzername>\Desktop\OtViewIt.Txt and
      C:\Dokumente und Einstellungen\<Benutzername>\Desktop\Extras.Txt.
    9. Post the log files in code tags here in the thread.
    [°¿°] Ciao, Petra


  7. #7
    Beginner
    Registered since
    06.09.2008
    Posts
    8

    Re: XP x64 keeps restarting

    OTViewIt:
    Code:
    OTViewIt logfile created on: 07/09/2008 12:34:27 - Run 2
    OTViewIt by OldTimer - Version 1.0.1.8     Folder = C:\Documents and Settings\Carsten\Desktop
    Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.3790.1830)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
     
    4.00 Gb Total Physical Memory | 3.33 Gb Available Physical Memory | 83.30% Memory free
    3.76 Gb Paging File | 3.39 Gb Available in Paging File | 90.36% Paging File free
    Paging file location(s): 
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 25.00 Gb Total Space | 12.48 Gb Free Space | 49.90% Space Free | Partition Type: NTFS
    Drive D: | 40.00 Gb Total Space | 29.90 Gb Free Space | 74.75% Space Free | Partition Type: NTFS
    Drive E: | 150.00 Gb Total Space | 63.74 Gb Free Space | 42.49% Space Free | Partition Type: NTFS
    Drive F: | 25.00 Gb Total Space | 6.02 Gb Free Space | 24.10% Space Free | Partition Type: NTFS
    Drive G: | 25.00 Gb Total Space | 8.45 Gb Free Space | 33.80% Space Free | Partition Type: NTFS
    Drive H: | 245.76 Gb Total Space | 6.43 Gb Free Space | 2.62% Space Free | Partition Type: NTFS
    Drive I: | 245.76 Gb Total Space | 6.48 Gb Free Space | 2.64% Space Free | Partition Type: NTFS
    Drive J: | 45.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive K: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    
    Computer Name: CASI
    Current User Name: Carsten
    Logged in as Administrator.
    Current Boot Mode: Normal
    Scan Mode: All users
    Whitelist: On
    
    ===== Processes - Non-Microsoft Only =====
    
    [07/19/2008 04:25 PM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    [07/19/2008 04:38 PM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    [07/19/2008 04:38 PM | 00,078,008 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    [05/14/2008 06:42 PM | 05,958,656 | ---- | M] () - C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe
    
    ===== Win32 Services - Non-Microsoft Only =====
    
    (aswUpdSv) avast! iAVS4 Control Service [Auto | Running] 
    [07/19/2008 04:25 PM | 00,016,056 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    
    (avast! Antivirus) avast! Antivirus [Auto | Running] 
    [07/19/2008 04:38 PM | 00,147,640 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    
    (avast! Mail Scanner) avast! Mail Scanner [On_Demand | Stopped] 
    [07/19/2008 04:38 PM | 00,250,040 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    
    (avast! Web Scanner) avast! Web Scanner [On_Demand | Stopped] 
    [07/23/2008 04:25 PM | 00,348,344 | ---- | M] (ALWIL Software) - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    
    (Creative Audio Engine Licensing Service) Creative Audio Engine Licensing Service [On_Demand | Stopped] 
    [08/27/2008 12:17 PM | 00,079,360 | ---- | M] (Creative Labs) - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
    
    (dmadmin) Logical Disk Manager Administrative Service [On_Demand | Stopped] 
    File not found - %SystemRoot%\System32\dmadmin.exe
    
    (Eventlog) Event Log [Auto | Running] 
    File not found - %SystemRoot%\system32\services.exe
    
    (HTTPFilter) HTTP SSL [On_Demand | Stopped] 
    File not found - %SystemRoot%\System32\lsass.exe
    
    (ImapiService) IMAPI CD-Burning COM Service [On_Demand | Stopped] 
    File not found - C:\WINDOWS\system32\imapi.exe
    
    (MSDTC) Distributed Transaction Coordinator [On_Demand | Stopped] 
    File not found - C:\WINDOWS\system32\msdtc.exe
    
    (Netlogon) Net Logon [On_Demand | Stopped] 
    File not found - %SystemRoot%\system32\lsass.exe
    
    (NtLmSsp) NT LM Security Support Provider [On_Demand | Stopped] 
    File not found - %SystemRoot%\system32\lsass.exe
    
    (NVSvc) NVIDIA Display Driver Service [Auto | Running] 
    File not found - %SystemRoot%\system32\nvsvc64.exe
    
    (PlugPlay) Plug and Play [Auto | Running] 
    File not found - %SystemRoot%\system32\services.exe
    
    (PolicyAgent) IPSEC Services [Auto | Running] 
    File not found - %SystemRoot%\system32\lsass.exe
    
    (ProtectedStorage) Protected Storage [Auto | Running] 
    File not found - %SystemRoot%\system32\lsass.exe
    
    (RDSessMgr) Remote Desktop Help Session Manager [On_Demand | Stopped] 
    File not found - C:\WINDOWS\system32\sessmgr.exe
    
    (SamSs) Security Accounts Manager [Auto | Running] 
    File not found - %SystemRoot%\system32\lsass.exe
    
    (TlntSvr) Telnet [Disabled | Stopped] 
    File not found - C:\WINDOWS\system32\tlntsvr.exe
    
    (vds) Virtual Disk Service [On_Demand | Stopped] 
    File not found - %SystemRoot%\System32\vds.exe
    
    (VSS) Volume Shadow Copy [On_Demand | Stopped] 
    File not found - %SystemRoot%\System32\vssvc.exe
    
    (WmiApSrv) WMI Performance Adapter [On_Demand | Stopped] 
    File not found - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    
    ===== Driver Services - Non-Microsoft Only =====
    
    (ACPI) Microsoft ACPI Driver [Boot | Running] 
    File not found - C:\WINDOWS\system32\DRIVERS\ACPI.sys
    
    (aec) Microsoft Kernel Acoustic Echo Canceller [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\drivers\aec.sys
    
    (AegisP) AEGIS Protocol (IEEE 802.1x) v3.4.10.0 [Auto | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\AegisP.sys
    
    (AFD) AFD [System | Running] 
    File not found - C:\WINDOWS\System32\drivers\afd.sys
    
    (AsIO) AsIO [System | Running] 
    [12/17/2007 11:14 AM | 00,014,392 | ---- | M] () - C:\WINDOWS\SysWOW64\Drivers\AsIO.sys
    
    (aswFsBlk) aswFsBlk [Auto | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys
    
    (aswMonFlt) aswMonFlt [Auto | Running] 
    File not found - 
    
    (aswRdr) aswRdr [On_Demand | Running] 
    File not found - 
    
    (aswSP) avast! Self Protection [System | Running] 
    File not found - 
    
    (aswTdi) avast! Network Shield Support [System | Running] 
    File not found - 
    
    (AsyncMac) RAS Asynchronous Media Driver [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\asyncmac.sys
    
    (Atmarpc) ATM ARP Client Protocol [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\atmarpc.sys
    
    (audstub) Audio Stub Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\audstub.sys
    
    (Beep) Beep [System | Running] 
    File not found - 
    
    (CCDECODE) Closed Caption Decoder [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\CCDECODE.sys
    
    (CdaC15BA) CdaC15BA [Auto | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\CdaC15BA.sys
    
    (CdaD10BA) CdaD10BA [Auto | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\CdaD10BA.sys
    
    (Cdfs) Cdfs [Disabled | Running] 
    File not found - 
    
    (Cdrom) CD-ROM Driver [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\cdrom.sys
    
    (COMMONFX.DLL) COMMONFX.DLL [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\COMMONFX.DLL
    
    (crcdisk) CRC Disk Filter Driver [Boot | Running] 
    File not found - C:\WINDOWS\system32\DRIVERS\crcdisk.sys
    
    (CT20XUT.DLL) CT20XUT.DLL [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\CT20XUT.DLL
    
    (ctac32k) Creative AC3 Software Decoder [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\ctac32k.sys
    
    (ctaud2k) Creative  Audio Driver (WDM) [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\ctaud2k.sys
    
    (CTAUDFX.DLL) CTAUDFX.DLL [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\CTAUDFX.DLL
    
    (CTEAPSFX.DLL) CTEAPSFX.DLL [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\CTEAPSFX.DLL
    
    (CTEDSPFX.DLL) CTEDSPFX.DLL [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\CTEDSPFX.DLL
    
    (CTEDSPIO.DLL) CTEDSPIO.DLL [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\CTEDSPIO.DLL
    
    (CTEDSPSY.DLL) CTEDSPSY.DLL [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\CTEDSPSY.DLL
    
    (CTERFXFX.DLL) CTERFXFX.DLL [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\CTERFXFX.DLL
    
    (CTEXFIFX.DLL) CTEXFIFX.DLL [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\CTEXFIFX.DLL
    
    (CTHWIUT.DLL) CTHWIUT.DLL [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\CTHWIUT.DLL
    
    (ctprxy2k) Creative Proxy Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\ctprxy2k.sys
    
    (CTSBLFX.DLL) CTSBLFX.DLL [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\CTSBLFX.DLL
    
    (ctsfm2k) Creative SoundFont Management Device Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\ctsfm2k.sys
    
    (Disk) Disk Driver [Boot | Running] 
    File not found - C:\WINDOWS\system32\DRIVERS\disk.sys
    
    (dmboot) dmboot [Disabled | Running] 
    File not found - C:\WINDOWS\System32\drivers\dmboot.sys
    
    (dmio) Logical Disk Manager Driver [Boot | Running] 
    File not found - C:\WINDOWS\System32\drivers\dmio.sys
    
    (dmload) dmload [Boot | Running] 
    File not found - C:\WINDOWS\System32\drivers\dmload.sys
    
    (emupia) E-mu Plug-in Architecture Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\emupia2k.sys
    
    (Fips) Fips [System | Running] 
    File not found - 
    
    (FltMgr) FltMgr [Boot | Running] 
    File not found - C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    
    (Ftdisk) Volume Manager Driver [Boot | Running] 
    File not found - C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    
    (Gpc) Generic Packet Classifier [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\msgpc.sys
    
    (ha20x2k) Creative 20X HAL Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\ha20x2k.sys
    
    (hidusb) Microsoft HID Class Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\hidusb.sys
    
    (HTTP) HTTP [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\Drivers\HTTP.sys
    
    (iaStor) Intel AHCI Controller [Boot | Running] 
    File not found - C:\WINDOWS\system32\DRIVERS\iaStor.sys
    
    (imapi) CD-Burning Filter Driver [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\imapi.sys
    
    (intelppm) Intel Processor Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\intelppm.sys
    
    (Ip6Fw) IPv6 Windows Firewall Driver [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\Ip6Fw.sys
    
    (IpFilterDriver) IP Traffic Filter Driver [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys
    
    (IpInIp) IP in IP Tunnel Driver [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\ipinip.sys
    
    (IpNat) IP Network Address Translator [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\ipnat.sys
    
    (IPSec) IPSEC driver [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\ipsec.sys
    
    (IRENUM) IR Enumerator Service [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\irenum.sys
    
    (isapnp) PnP ISA/EISA Bus Driver [Boot | Running] 
    File not found - C:\WINDOWS\system32\DRIVERS\isapnp.sys
    
    (Kbdclass) Keyboard Class Driver [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\kbdclass.sys
    
    (kbdhid) Keyboard HID Driver [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\kbdhid.sys
    
    (kmixer) Microsoft Kernel Wave Audio Mixer [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\kmixer.sys
    
    (kncbda) KNC BDA DVB-C [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\kncbda64.sys
    
    (KSecDD) KSecDD [Boot | Running] 
    File not found - 
    
    (ksthunk) Kernel Streaming WOW64 Thunk Service [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\ksthunk.sys
    
    (mbr) mbr [On_Demand | Stopped] 
    File not found - C:\DOCUME~1\Carsten\LOCALS~1\Temp\mbr.sys
    
    (mnmdd) mnmdd [System | Running] 
    File not found - 
    
    (Mouclass) Mouse Class Driver [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\mouclass.sys
    
    (mouhid) Mouse HID Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\mouhid.sys
    
    (MountMgr) Mount Point Manager [Boot | Running] 
    File not found - 
    
    (MPE) BDA MPE Filter [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\MPE.sys
    
    (MRxDAV) WebDav Client Redirector [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\mrxdav.sys
    
    (MRxSmb) MRxSmb [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
    
    (Msfs) Msfs [System | Running] 
    File not found - 
    
    (MSKSSRV) Microsoft Streaming Service Proxy [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\drivers\MSKSSRV.sys
    
    (MSPCLOCK) Microsoft Streaming Clock Proxy [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\drivers\MSPCLOCK.sys
    
    (MSPQM) Microsoft Streaming Quality Manager Proxy [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\drivers\MSPQM.sys
    
    (mssmbios) Microsoft System Management BIOS Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\mssmbios.sys
    
    (MSTEE) Microsoft Streaming Tee/Sink-to-Sink Converter [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\drivers\MSTEE.sys
    
    (MTsensor) ATK0110 ACPI UTILITY [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\ASACPI.sys
    
    (Mup) Mup [Boot | Running] 
    File not found - 
    
    (NABTSFEC) NABTS/FEC VBI Codec [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys
    
    (NDIS) NDIS System Driver [Boot | Running] 
    File not found - 
    
    (NdisIP) Microsoft TV/Video Connection [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\NdisIP.sys
    
    (NdisTapi) Remote Access NDIS TAPI Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\ndistapi.sys
    
    (Ndisuio) NDIS Usermode I/O Protocol [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\ndisuio.sys
    
    (NdisWan) Remote Access NDIS WAN Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\ndiswan.sys
    
    (NDProxy) NDIS Proxy [On_Demand | Running] 
    File not found - 
    
    (NetBIOS) NetBIOS Interface [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\netbios.sys
    
    (NetBT) NetBios over Tcpip [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\netbt.sys
    
    (Npfs) Npfs [System | Running] 
    File not found - 
    
    (Ntfs) Ntfs [Disabled | Running] 
    File not found - 
    
    (Null) Null [System | Running] 
    File not found - 
    
    (nv) nv [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\nv4_mini.sys
    
    (ossrv) Creative  OS Services Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\ctoss2k.sys
    
    (PartMgr) Partition Manager [Boot | Running] 
    File not found - 
    
    (PCI) PCI Bus Driver [Boot | Running] 
    File not found - C:\WINDOWS\system32\DRIVERS\pci.sys
    
    (PptpMiniport) WAN Miniport (PPTP) [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\raspptp.sys
    
    (PSched) QoS Packet Scheduler [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\psched.sys
    
    (Ptilink) Direct Parallel Link Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\ptilink.sys
    
    (RasAcd) Remote Access Auto Connection Driver [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\rasacd.sys
    
    (Rasl2tp) WAN Miniport (L2TP) [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\rasl2tp.sys
    
    (RasPppoe) Remote Access PPPOE Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\raspppoe.sys
    
    (Raspti) Direct Parallel [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\raspti.sys
    
    (Rdbss) Rdbss [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\rdbss.sys
    
    (RDPCDD) RDPCDD [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
    
    (rdpdr) Terminal Server Device Redirector Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\rdpdr.sys
    
    (redbook) Digital CD Audio Playback Filter Driver [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\redbook.sys
    
    (RT73) RT73 USB Wireless LAN Card Driver [On_Demand | Stopped] 
    [11/30/2005 11:33 AM | 00,002,048 | ---- | M] () - C:\WINDOWS\System32\drivers\rt73.bin
    
    (SaiHF51A) SaiHF51A [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\SaiHF51A.sys
    
    (SaiMini) SaiMini [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\SaiMini.sys
    
    (SaiNtBus) SaiNtBus [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\SaiBus.sys
    
    (SaiUF51A) SaiUF51A [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\SaiUF51A.sys
    
    (SASDIFSV) SASDIFSV [System | Stopped] 
    [09/03/2008 02:07 PM | 00,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys
    
    (SASENUM) SASENUM [On_Demand | Stopped] 
    [09/03/2008 02:07 PM | 00,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS
    
    (SASKUTIL) SASKUTIL [System | Stopped] 
    [09/03/2008 02:07 PM | 00,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) - C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS
    
    (Secdrv) Security Driver [Auto | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\secdrv.sys
    
    (SLIP) BDA Slip De-Framer [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\SLIP.sys
    
    (splitter) Microsoft Kernel Audio Splitter [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\drivers\splitter.sys
    
    (sptd) sptd [Boot | Running] 
    File not found - C:\WINDOWS\System32\Drivers\sptd.sys
    
    (sr) System Restore Filter Driver [Boot | Running] 
    File not found - C:\WINDOWS\system32\DRIVERS\sr.sys
    
    (Srv) Srv [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\srv.sys
    
    (streamip) BDA IPSink [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\StreamIP.sys
    
    (swenum) Software Bus Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\swenum.sys
    
    (swmidi) Microsoft Kernel GS Wavetable Synthesizer [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\drivers\swmidi.sys
    
    (sysaudio) Microsoft Kernel System Audio Device [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\sysaudio.sys
    
    (Tcpip) TCP/IP Protocol Driver [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\tcpip.sys
    
    (TermDD) Terminal Device Driver [System | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\termdd.sys
    
    (truecrypt) truecrypt [System | Running] 
    [08/27/2008 12:33 PM | 00,238,784 | ---- | M] (TrueCrypt Foundation) - C:\WINDOWS\SysWOW64\Drivers\truecrypt.sys
    
    (Udfs) Udfs [Disabled | Running] 
    File not found - 
    
    (Update) Microcode Update Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\update.sys
    
    (usbccgp) Microsoft USB Generic Parent Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\usbccgp.sys
    
    (usbehci) Microsoft USB 2.0 Enhanced Host Controller Miniport Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\usbehci.sys
    
    (usbhub) USB2 Enabled Hub [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\usbhub.sys
    
    (usbstor) USB Mass Storage Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS
    
    (usbuhci) Microsoft USB Universal Host Controller Miniport Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\usbuhci.sys
    
    (vga) vga [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\vgapnp.sys
    
    (VgaSave) VGA Display Controller. [System | Running] 
    File not found - C:\WINDOWS\System32\drivers\vga.sys
    
    (VolSnap) Storage volumes [Boot | Running] 
    File not found - C:\WINDOWS\system32\DRIVERS\volsnap.sys
    
    (Wanarp) Remote Access IP ARP Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\wanarp.sys
    
    (wdmaud) Microsoft WINMM WDM Audio Compatibility Driver [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\drivers\wdmaud.sys
    
    (WSTCODEC) World Standard Teletext Codec [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\WSTCODEC.SYS
    
    (WudfPf) Windows Driver Foundation - User-mode Driver Framework Platform Driver [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\WudfPf.sys
    
    (WudfRd) Windows Driver Foundation - User-mode Driver Framework Reflector [On_Demand | Stopped] 
    File not found - C:\WINDOWS\System32\DRIVERS\wudfrd.sys
    
    (yukonx64) NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller [On_Demand | Running] 
    File not found - C:\WINDOWS\System32\DRIVERS\yk51x64.sys
    
    ========== Run Keys ==========
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!" = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [07/19/2008 04:38 PM | 00,078,008 | ---- | M] (ALWIL Software)
    "CTHelper" = CTHELPER.EXE [02/20/2008 08:58 PM | 00,019,456 | ---- | M] (Creative Technology Ltd)
    "CTxfiHlp" = CTXFIHLP.EXE [02/20/2008 08:58 PM | 00,019,968 | ---- | M] (Creative Technology Ltd)
    "Six Engine" = "C:\Program Files (x86)\ASUS\Six Engine\SixEngine.exe" -r [05/14/2008 06:42 PM | 05,958,656 | ---- | M] ()
    "SunJavaUpdateSched" = "C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM | 00,144,784 | ---- | M] (Sun Microsystems, Inc.)
    "VolPanel" = "C:\Program Files (x86)\Creative\Volume Panel\VolPanlu.exe" /r [06/20/2008 01:30 PM | 00,221,300 | ---- | M] (Creative Technology Ltd)
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" = Reg Error: Value load does not exist or could not be read.
    "run" = Reg Error: Value run does not exist or could not be read.
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian" = C:\Program Files\PeerGuardian2\pg2.exe [09/18/2005 06:43 PM | 02,217,984 | ---- | M] (Methlabs)
    "SUPERAntiSpyware" = C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [09/03/2008 02:07 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com)
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" = 
    "run" = Reg Error: Value run does not exist or could not be read.
    
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall" = %systemroot%\system32\tscupgrd.exe File not found
    
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" = 
    "run" = Reg Error: Value run does not exist or could not be read.
    
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall" = %systemroot%\system32\tscupgrd.exe File not found
    
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" = 
    "run" = Reg Error: Value run does not exist or could not be read.
    
    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall" = %systemroot%\system32\tscupgrd.exe File not found
    
    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" = 
    "run" = Reg Error: Value run does not exist or could not be read.
    
    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "tscuninstall" = %systemroot%\system32\tscupgrd.exe File not found
    
    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" = 
    "run" = Reg Error: Value run does not exist or could not be read.
    
    [HKEY_USERS\S-1-5-21-2842628995-3559081299-4084640986-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "PeerGuardian" = C:\Program Files\PeerGuardian2\pg2.exe [09/18/2005 06:43 PM | 02,217,984 | ---- | M] (Methlabs)
    "SUPERAntiSpyware" = C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [09/03/2008 02:07 PM | 01,576,176 | ---- | M] (SUPERAntiSpyware.com)
    
    [HKEY_USERS\S-1-5-21-2842628995-3559081299-4084640986-1003\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "load" = 
    "run" = Reg Error: Value run does not exist or could not be read.
    
    ========== Startup Folders ==========
    
    [Admin Startup Folder - C:\Documents and Settings\Admin\Start Menu\Programs\Startup]
    
    [Administrator Startup Folder - C:\Documents and Settings\Administrator\Start Menu\Programs\Startup]
    
    [All Users Startup Folder - C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
    [06/09/2006 10:24 AM | 00,618,496 | ---- | M] (Ralink Technology, Corp.) - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk = C:\Program Files (x86)\RALINK\Common\RaUI.exe
    
    [Carsten Startup Folder - C:\Documents and Settings\Carsten\Start Menu\Programs\Startup]
    
    [Default User Startup Folder - C:\Documents and Settings\Default User\Start Menu\Programs\Startup]
    
    ========== BHO's ==========
    
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    HKLM CLSID: (SSVHelper Class) - [06/10/2008 04:27 AM | 00,509,328 | ---- | M] (Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre1.6.0_07\bin\ssv.dll
    
    ========== Toolbars ==========
    
    ========== AppInit_Dlls ==========
    
    ========== Shell Execute Hooks ==========
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}" = 
    HKLM CLSID: (SABShellExecuteHook Class) - [05/13/2008 10:13 AM | 00,077,824 | ---- | M] (SuperAdBlocker.com) C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
    
    ========== HKLM Security Providers ==========
    
    ========== HKLM Winlogon Settings ==========
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell]
    = Explorer.exe
    >Explorer.exe - [02/18/2007 11:05 AM | 01,053,184 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\explorer.exe
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\System]
    = lsass.exe
    >lsass.exe - File not found 
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit]
    = userinit
    >userinit - [02/18/2007 11:05 AM | 00,026,112 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\userinit.exe
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UIHost]
    = %SystemRoot%\system32\logonui.exe
    >%SystemRoot%\system32\logonui.exe - [02/18/2007 11:05 AM | 00,516,096 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\logonui.exe
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet]
    = rundll32 shell32,Control_RunDLL "sysdm.cpl"
    >rundll32 shell32 - [11/08/2007 12:55 AM | 08,360,448 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    >Control_RunDLL "sysdm.cpl" - [02/18/2007 11:05 AM | 00,301,568 | ---- | M] (Microsoft Corporation) C:\WINDOWS\system32\sysdm.cpl
    
    ========== User's Winlogon Settings ==========
    
    ========== Winlogon Notify Settings ==========
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
    "DllName" = C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll [07/23/2008 04:28 PM | 00,352,256 | ---- | M] (SUPERAntiSpyware.com)
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    "DllName" =  File not found
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    "DllName" =  File not found
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    "DllName" =  File not found
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    "DllName" =  File not found
    
    ========== Policies ==========
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoActiveDesktop" = 1
    "NoActiveDesktopChanges" = 1
    "ForceActiveDesktopOn" = 0
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    "dontdisplaylastusername" = 0
    "legalnoticecaption" = 
    "legalnoticetext" = 
    "scforceoption" = 0
    "shutdownwithoutlogon" = 1
    "undockwithoutlogon" = 1
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 255
    "ForceClassicControlPanel" = 1
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    Unable to open key or key not present!
    
    
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 255
    "ForceClassicControlPanel" = 1
    
    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    Unable to open key or key not present!
    
    
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 255
    "ForceClassicControlPanel" = 1
    
    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    Unable to open key or key not present!
    
    
    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 255
    "ForceClassicControlPanel" = 1
    
    [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    Unable to open key or key not present!
    
    
    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 255
    "ForceClassicControlPanel" = 1
    
    [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    Unable to open key or key not present!
    
    
    [HKEY_USERS\S-1-5-21-2842628995-3559081299-4084640986-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
    "NoDriveTypeAutoRun" = 255
    "ForceClassicControlPanel" = 1
    
    [HKEY_USERS\S-1-5-21-2842628995-3559081299-4084640986-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
    Unable to open key or key not present!
    
    
    ========== Lsa Authentication Packages ==========
    
    ========== Lsa Security Packages ==========
    
    ========== Desktop Components ==========
    
    ========== Safeboot Options ==========
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
    "AlternateShell" = cmd.exe
    
    ========== Disabled MsConfig Items ==========
    Unable to open key or key not present!
    
    
    ========== CDRom AutoRun Settings ==========
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
    "AutoRun" = 1
    
    ========== Autorun Files on Drives ==========
    
    AUTOEXEC.BAT []
    [08/27/2008 11:52 AM | 00,000,000 | ---- | M] () C:\AUTOEXEC.BAT [ NTFS ]
    
    autorun.inf [[Autorun] | open=setup.exe | ]
    [06/05/2007 12:08 PM | 00,000,025 | R--- | M] () J:\autorun.inf [ CDFS ]
    
    ========== MountPoints2 ==========
    
    ========== DNS Name Servers ==========
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{0E86A432-F572-44EA-BC61-E6A1463D0CC2}]
    Servers:  | Description: 
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{0F4E949B-A6F7-4F85-B48A-07E3FF16C49D}]
    Servers:  | Description: Marvell Yukon 88E8056 PCI-E Gigabit Ethernet Controller
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{310A632A-9577-4946-A84A-CE46CDF21017}]
    Servers:  | Description: Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\{94697FA3-DB81-4220-8401-87CEA8B14A85}]
    Servers:  | Description: RT73 USB Wireless LAN Card
    
    ========== Hosts File ==========
    
    HOSTS File = (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
    First 25 entries...
    127.0.0.1       localhost
    
    
    
    ========== Files/Folders - Created Within 30 days ==========
    
    [08/27/2008 01:42 PM | R--D | C] - C:\WINDOWS
    @Alternate Data Stream - 8 bytes -> %SystemRoot%:
    [08/27/2008 01:46 PM | 00,000,213 | -HS- | C] () - C:\boot.ini
    [08/27/2008 01:46 PM | ---D | C] - C:\Documents and Settings
    [08/27/2008 01:46 PM | -HSD | C] - C:\System Volume Information
    [08/27/2008 01:47 PM | R--D | C] - C:\Program Files
    [08/27/2008 01:47 PM | R--D | C] - C:\Program Files (x86)
    [08/27/2008 01:51 PM | ---D | C] - C:\progs
    [08/27/2008 02:00 PM | -HSD | C] - C:\RECYCLER
    [08/27/2008 02:35 PM | ---D | C] - C:\Python25
    [08/27/2008 11:52 AM | 00,000,000 | ---- | C] () - C:\AUTOEXEC.BAT
    [08/27/2008 11:52 AM | 00,000,000 | ---- | C] () - C:\CONFIG.SYS
    [08/27/2008 11:52 AM | 00,000,000 | RHS- | C] () - C:\IO.SYS
    [08/27/2008 11:52 AM | 00,000,000 | RHS- | C] () - C:\MSDOS.SYS
    [08/27/2008 12:54 PM | ---D | C] - C:\mnt
    [08/29/2008 05:20 PM | ---D | C] - C:\Fraps
    [09/05/2008 10:50 AM | ---D | C] - C:\spoolerlogs
    [09/06/2008 05:06 PM | ---D | C] - C:\Downloads
    [09/07/2008 10:55 AM | ---D | C] - C:\rsit
    [08/27/2008 12:29 PM | 00,010,216 | ---- | C] () - C:\WINDOWS\System32\drivers\AsInsHelp32.sys
    [08/27/2008 12:29 PM | 00,011,832 | ---- | C] () - C:\WINDOWS\System32\drivers\AsInsHelp64.sys
    [08/27/2008 12:29 PM | 00,014,392 | ---- | C] () - C:\WINDOWS\System32\drivers\AsIO.sys
    [08/27/2008 12:33 PM | 00,238,784 | ---- | C] (TrueCrypt Foundation) - C:\WINDOWS\System32\drivers\truecrypt.sys
    [09/05/2008 02:56 PM | 00,002,048 | ---- | C] () - C:\WINDOWS\System32\drivers\rt73.bin
    [09/07/2008 11:06 AM | 00,085,969 | ---- | C] (GMER) - C:\WINDOWS\System32\drivers\gmer.sys
    [2 C:\WINDOWS\System32\*.tmp files]
    [08/25/2008 06:42 PM | 00,000,054 | ---- | C] () - C:\WINDOWS\System32\ctzapxx.ini
    [08/25/2008 06:42 PM | 00,000,059 | ---- | C] () - C:\WINDOWS\System32\default.sfm
    [08/25/2008 06:42 PM | 00,000,059 | ---- | C] () - C:\WINDOWS\System32\default4.sfm
    [08/25/2008 06:42 PM | 00,000,059 | ---- | C] () - C:\WINDOWS\System32\default8.sfm
    [08/25/2008 06:42 PM | 00,000,307 | ---- | C] () - C:\WINDOWS\System32\kill.ini
    [08/25/2008 06:42 PM | 00,005,120 | ---- | C] () - C:\WINDOWS\System32\enlocstr.exe
    [08/25/2008 06:42 PM | 00,006,169 | ---- | C] () - C:\WINDOWS\System32\CTAPO64.UDA
    [08/25/2008 06:42 PM | 00,010,240 | ---- | C] ( ) - C:\WINDOWS\System32\killapps.exe
    [08/25/2008 06:42 PM | 00,017,920 | ---- | C] (Creative Technology, Ltd) - C:\WINDOWS\System32\ctedasio.dll
    [08/25/2008 06:42 PM | 00,034,816 | ---- | C] ( ) - C:\WINDOWS\System32\a3d.dll
    [08/25/2008 06:42 PM | 00,037,888 | ---- | C] () - C:\WINDOWS\System32\psconv.exe
    [08/25/2008 06:42 PM | 00,038,400 | ---- | C] (Creative Technology Limited) - C:\WINDOWS\System32\readreg.exe
    [08/25/2008 06:42 PM | 00,043,520 | ---- | C] () - C:\WINDOWS\System32\CTBurst.dll
    [08/25/2008 06:42 PM | 00,053,932 | ---- | C] () - C:\WINDOWS\System32\ctdaught.dat
    [08/25/2008 06:42 PM | 00,056,509 | ---- | C] () - C:\WINDOWS\System32\ctdnlstr.dat
    [08/25/2008 06:42 PM | 00,077,824 | ---- | C] () - C:\WINDOWS\System32\ctmmactl.dll
    [08/25/2008 06:42 PM | 00,077,824 | ---- | C] (Creative Labs) - C:\WINDOWS\System32\eaxac3.dll
    [08/25/2008 06:42 PM | 00,101,603 | ---- | C] () - C:\WINDOWS\System32\instwdm.ini
    [08/25/2008 06:42 PM | 00,313,207 | ---- | C] () - C:\WINDOWS\System32\ctstatic.dat
    [08/25/2008 06:42 PM | 00,321,512 | ---- | C] () - C:\WINDOWS\System32\ctdlang.dat
    [08/25/2008 06:42 PM | 00,782,336 | ---- | C] (Creative Labs Inc.) - C:\WINDOWS\System32\OALInst.exe
    [08/25/2008 06:42 PM | 01,048,576 | ---- | C] () - C:\WINDOWS\System32\CT1MGM.ROM
    [08/25/2008 06:42 PM | 02,167,684 | ---- | C] () - C:\WINDOWS\System32\CT2MGM.SF2
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\1025
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\1028
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\1031
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\1033
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\1037
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\1041
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\1042
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\1054
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\2052
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\3076
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\Drivers
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\en
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\export
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\ias
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\InstallShield
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\mui
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\usmt
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\System32\wbem
    [08/27/2008 01:43 PM | 00,556,482 | ---- | C] () - C:\WINDOWS\System32\PerfStringBackup.INI
    [08/27/2008 01:44 PM | ---D | C] - C:\WINDOWS\System32\en-US
    [08/27/2008 01:44 PM | ---D | C] - C:\WINDOWS\System32\XPSViewer
    [08/27/2008 01:47 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28594.NLS
    [08/27/2008 01:47 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28595.NLS
    [08/27/2008 01:47 PM | 00,066,082 | ---- | C] () - C:\WINDOWS\System32\C_28597.NLS
    [08/27/2008 01:49 PM | --SD | C] - C:\WINDOWS\System32\config
    [08/27/2008 01:56 PM | 00,001,688 | ---- | C] () - C:\WINDOWS\System32\autoexec.nt
    [08/27/2008 11:49 AM | ---D | C] - C:\WINDOWS\System32\Com
    [08/27/2008 11:51 AM | ---D | C] - C:\WINDOWS\System32\Macromed
    [08/27/2008 11:52 AM | 00,016,832 | ---- | C] () - C:\WINDOWS\System32\amcompat.tlb
    [08/27/2008 11:52 AM | 00,023,392 | ---- | C] () - C:\WINDOWS\System32\nscompat.tlb
    [08/27/2008 11:52 AM | ---D | C] - C:\WINDOWS\System32\ime
    [08/27/2008 11:52 AM | ---D | C] - C:\WINDOWS\System32\inetsrv
    [08/27/2008 11:57 AM | ---D | C] - C:\WINDOWS\System32\SoftwareDistribution
    [08/27/2008 12:00 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\System32\config.nt
    [08/27/2008 12:00 PM | 00,380,928 | ---- | C] () - C:\WINDOWS\System32\actskin4.ocx
    [08/27/2008 12:00 PM | 01,163,960 | ---- | C] (ALWIL Software) - C:\WINDOWS\System32\aswBoot.exe
    [08/27/2008 12:07 PM | ---D | C] - C:\WINDOWS\System32\AGEIA
    [08/27/2008 12:14 PM | 00,003,072 | ---- | C] () - C:\WINDOWS\System32\CTXFIRES.DLL
    [08/27/2008 12:14 PM | 00,011,776 | ---- | C] (Creative Technology Limited) - C:\WINDOWS\System32\INRES.DLL
    [08/27/2008 12:14 PM | ---D | C] - C:\WINDOWS\System32\Data
    [08/27/2008 12:15 PM | 00,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) - C:\WINDOWS\System32\OpenAL32.dll
    [08/27/2008 12:15 PM | 00,413,696 | ---- | C] (Creative Labs) - C:\WINDOWS\System32\wrap_oal.dll
    [08/27/2008 12:15 PM | 04,174,814 | ---- | C] () - C:\WINDOWS\System32\CT4MGM.SF2
    [08/27/2008 12:25 PM | 00,057,856 | ---- | C] () - C:\WINDOWS\System32\MSDvbNP.ax
    [08/27/2008 12:25 PM | 00,135,680 | ---- | C] () - C:\WINDOWS\System32\PsisRndr.ax
    [08/27/2008 12:25 PM | 00,202,240 | ---- | C] () - C:\WINDOWS\System32\PsisDecd.dll
    [08/27/2008 12:26 PM | 00,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) - C:\WINDOWS\System32\CSVer.dll
    [08/27/2008 12:29 PM | 00,024,576 | ---- | C] () - C:\WINDOWS\System32\AsIO.dll
    [08/27/2008 12:36 PM | 00,421,888 | ---- | C] () - C:\WINDOWS\System32\ac3filter.acm
    [08/27/2008 12:38 PM | 00,007,680 | ---- | C] () - C:\WINDOWS\System32\ff_vfw.dll
    [08/27/2008 12:38 PM | 00,060,273 | ---- | C] (Open Source Software community project) - C:\WINDOWS\System32\pthreadGC2.dll
    [09/05/2008 02:56 PM | 00,295,018 | ---- | C] () - C:\WINDOWS\System32\Install7x.dll
    [09/05/2008 02:56 PM | 00,315,392 | ---- | C] () - C:\WINDOWS\System32\AegisI5.exe
    [09/06/2008 02:46 PM | 00,163,840 | R--- | C] (Immersion Corporation) - C:\WINDOWS\System32\Sai3F51A.Dll
    [3 C:\WINDOWS\*.tmp files]
    [08/25/2008 06:42 PM | 03,377,466 | ---- | C] () - C:\WINDOWS\CTDV10K1.CDF
    [08/25/2008 06:42 PM | 03,735,544 | ---- | C] () - C:\WINDOWS\CTDV10K2.CDF
    [08/25/2008 06:42 PM | 04,958,588 | ---- | C] () - C:\WINDOWS\CTDVAUDY.CDF
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\ADAM
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\addins
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\ADFS
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\AppPatch
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\Config
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\Connection Wizard
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\Cursors
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\Debug
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\Driver Cache
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\Help
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\ime
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\ime (x86)
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\java
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\Media
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\Microsoft.NET
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\msagent
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\msagent64
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\msapps
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\mui
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\NLDRV
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\Provisioning
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\repair
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\Resources
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\security
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\srchasst
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\system
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\system32
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\SysWOW64
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\Temp
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\twain_32
    [08/27/2008 01:42 PM | ---D | C] - C:\WINDOWS\WinSxS
    [08/27/2008 01:42 PM | -H-D | C] - C:\WINDOWS\inf
    [08/27/2008 01:42 PM | R--D | C] - C:\WINDOWS\Web
    [08/27/2008 01:42 PM | R-SD | C] - C:\WINDOWS\Fonts
    [08/27/2008 01:43 PM | R-SD | C] - C:\WINDOWS\assembly
    [08/27/2008 01:47 PM | 00,000,150 | ---- | C] () - C:\WINDOWS\system.ini
    [08/27/2008 01:47 PM | 00,000,956 | ---- | C] () - C:\WINDOWS\imsins.BAK
    [08/27/2008 01:47 PM | 00,004,161 | ---- | C] () - C:\WINDOWS\ODBCINST.INI
    [08/27/2008 01:47 PM | -HSD | C] - C:\WINDOWS\Installer
    [08/27/2008 07:23 PM | ---D | C] - C:\WINDOWS\Logs
    [08/27/2008 11:50 AM | 00,000,036 | ---- | C] () - C:\WINDOWS\vb.ini
    [08/27/2008 11:50 AM | 00,000,037 | ---- | C] () - C:\WINDOWS\vbaddin.ini
    [08/27/2008 11:50 AM | 00,001,272 | ---- | C] () - C:\WINDOWS\Blue Lace 16.bmp
    [08/27/2008 11:50 AM | 00,009,522 | ---- | C] () - C:\WINDOWS\Zapotec.bmp
    [08/27/2008 11:50 AM | 00,016,730 | ---- | C] () - C:\WINDOWS\FeatherTexture.bmp
    [08/27/2008 11:50 AM | 00,017,062 | ---- | C] () - C:\WINDOWS\Coffee Bean.bmp
    [08/27/2008 11:50 AM | 00,017,336 | ---- | C] () - C:\WINDOWS\Gone Fishing.bmp
    [08/27/2008 11:50 AM | 00,017,362 | ---- | C] () - C:\WINDOWS\Rhododendron.bmp
    [08/27/2008 11:50 AM | 00,026,582 | ---- | C] () - C:\WINDOWS\Greenstone.bmp
    [08/27/2008 11:50 AM | 00,026,680 | ---- | C] () - C:\WINDOWS\River Sumida.bmp
    [08/27/2008 11:50 AM | 00,065,832 | ---- | C] () - C:\WINDOWS\Santa Fe Stucco.bmp
    [08/27/2008 11:50 AM | 00,065,954 | ---- | C] () - C:\WINDOWS\Prairie Wind.bmp
    [08/27/2008 11:50 AM | 00,065,978 | ---- | C] () - C:\WINDOWS\Soap Bubbles.bmp
    [08/27/2008 11:50 AM | ---D | C] - C:\WINDOWS\PCHealth
    [08/27/2008 11:50 AM | ---D | C] - C:\WINDOWS\Registration
    [08/27/2008 11:50 AM | --SD | C] - C:\WINDOWS\Tasks
    [08/27/2008 11:51 AM | 00,000,002 | ---- | C] () - C:\WINDOWS\desktop.ini
    [08/27/2008 11:51 AM | 00,000,431 | ---- | C] () - C:\WINDOWS\win.ini
    [08/27/2008 11:51 AM | 00,000,749 | RH-- | C] () - C:\WINDOWS\WindowsShell.Manifest
    [08/27/2008 11:51 AM | 00,144,128 | -HS- | C] () - C:\WINDOWS\winnt.bmp
    [08/27/2008 11:51 AM | 00,144,128 | -HS- | C] () - C:\WINDOWS\winnt256.bmp
    [08/27/2008 11:51 AM | R--D | C] - C:\WINDOWS\Offline Web Pages
    [08/27/2008 11:51 AM | --SD | C] - C:\WINDOWS\Downloaded Program Files
    [08/27/2008 11:52 AM | 00,000,000 | ---- | C] () - C:\WINDOWS\control.ini
    [08/27/2008 11:52 AM | 00,316,640 | ---- | C] () - C:\WINDOWS\WMSysPr9.prx
    [08/27/2008 11:55 AM | 00,002,048 | --S- | C] () - C:\WINDOWS\bootstat.dat
    [08/27/2008 11:56 AM | ---D | C] - C:\WINDOWS\Prefetch
    [08/27/2008 11:56 AM | ---D | C] - C:\WINDOWS\SoftwareDistribution
    [08/27/2008 11:56 AM | -HSD | C] - C:\WINDOWS\CSC
    [08/27/2008 12:03 PM | 00,000,000 | ---- | C] () - C:\WINDOWS\nsreg.dat
    [08/27/2008 12:07 PM | ---D | C] - C:\WINDOWS\nview
    [08/28/2008 11:20 PM | ---D | C] - C:\WINDOWS\Sun
    [09/01/2008 11:09 PM | -H-D | C] - C:\WINDOWS\$hf_mig$
    [09/05/2008 01:24 PM | ---D | C] - C:\WINDOWS\pss
    [09/05/2008 02:56 PM | 00,000,045 | ---- | C] () - C:\WINDOWS\filespec7x
    [09/07/2008 11:06 AM | 00,000,080 | ---- | C] () - C:\WINDOWS\gmer_uninstall.cmd
    [09/07/2008 11:06 AM | 00,000,250 | ---- | C] () - C:\WINDOWS\gmer.ini
    [09/07/2008 11:06 AM | 00,811,008 | ---- | C] () - C:\WINDOWS\gmer.exe
    [09/07/2008 11:06 AM | 00,884,736 | ---- | C] () - C:\WINDOWS\gmer.dll
    [08/27/2008 11:50 AM | 00,000,065 | RH-- | C] () - C:\WINDOWS\tasks\desktop.ini
    [08/27/2008 11:56 AM | 00,000,006 | -H-- | C] () - C:\WINDOWS\tasks\SA.DAT
    [08/27/2008 01:30 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
    [08/27/2008 01:46 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Microsoft Help
    [08/27/2008 01:47 PM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\All Users\Application Data\desktop.ini
    [08/27/2008 01:47 PM | --SD | C] - C:\Documents and Settings\All Users\Application Data\Microsoft
    [08/27/2008 07:25 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Trymedia
    [08/27/2008 12:15 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Creative
    [08/29/2008 05:20 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\TEMP
    @Alternate Data Stream - 138 bytes -> %AllUsersProfile%\Application Data\TEMP:05EE1EEF
    [08/29/2008 05:27 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\DVD Shrink
    [09/05/2008 06:24 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [09/06/2008 01:34 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Azureus
    [09/06/2008 02:46 PM | ---D | C] - C:\Documents and Settings\All Users\Application Data\Saitek
    [08/27/2008 02:45 PM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\Carsten\Application Data\desktop.ini
    [08/27/2008 02:45 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Identities
    [08/27/2008 02:45 PM | --SD | C] - C:\Documents and Settings\Carsten\Application Data\Microsoft
    [08/27/2008 02:47 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Mozilla
    [08/27/2008 02:47 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Subversion
    [08/27/2008 02:49 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Thunderbird
    [08/27/2008 02:50 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\.purple
    [08/27/2008 03:06 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Adobe
    [08/27/2008 03:06 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Free Download Manager
    [08/27/2008 03:06 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Macromedia
    [08/27/2008 03:07 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Notepad++
    [08/27/2008 07:00 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\gtk-2.0
    [08/27/2008 11:04 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Sun
    [08/27/2008 11:21 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Creative
    [08/28/2008 03:29 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\DAEMON Tools
    [08/28/2008 05:27 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\vlc
    [08/28/2008 10:52 AM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\TrueCrypt
    [09/04/2008 03:25 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\InfraRecorder
    [09/04/2008 07:54 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\ImgBurn
    [09/05/2008 06:24 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\SUPERAntiSpyware.com
    [09/05/2008 10:52 AM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\OpenOffice.org2
    [09/05/2008 11:01 AM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\dvdcss
    [09/06/2008 01:25 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Participatory Culture Foundation
    [09/06/2008 01:32 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\PCF-VLC
    [09/06/2008 01:34 PM | ---D | C] - C:\Documents and Settings\Carsten\Application Data\Azureus
    [08/27/2008 02:45 PM | ---D | C] - C:\Documents and Settings\Carsten\Local Settings\Application Data\TSVNCache
    [08/27/2008 02:45 PM | --SD | C] - C:\Documents and Settings\Carsten\Local Settings\Application Data\Microsoft
    [08/27/2008 02:47 PM | ---D | C] - C:\Documents and Settings\Carsten\Local Settings\Application Data\Mozilla
    [08/27/2008 02:50 PM | ---D | C] - C:\Documents and Settings\Carsten\Local Settings\Application Data\Thunderbird
    [08/27/2008 02:54 PM | 00,024,520 | ---- | C] () - C:\Documents and Settings\Carsten\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [08/27/2008 02:54 PM | ---D | C] - C:\Documents and Settings\Carsten\Local Settings\Application Data\Microsoft Help
    [08/27/2008 04:14 PM | 06,385,962 | -H-- | C] () - C:\Documents and Settings\Carsten\Local Settings\Application Data\IconCache.db
    [08/29/2008 03:18 PM | 00,006,144 | ---- | C] () - C:\Documents and Settings\Carsten\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [08/29/2008 07:57 PM | ---D | C] - C:\Documents and Settings\Carsten\Local Settings\Application Data\World in Conflict
    [09/06/2008 01:25 PM | ---D | C] - C:\Documents and Settings\Carsten\Local Settings\Application Data\Participatory Culture Foundation
    [08/27/2008 01:47 PM | 00,000,062 | -HS- | C] () - C:\Documents and Settings\All Users\Documents\desktop.ini
    [08/27/2008 11:50 AM | R--D | C] - C:\Documents and Settings\All Users\Documents\My Pictures
    [08/27/2008 11:51 AM | R--D | C] - C:\Documents and Settings\All Users\Documents\My Music
    [08/27/2008 12:20 PM | R--D | C] - C:\Documents and Settings\All Users\Documents\My Videos
    [08/29/2008 05:12 PM | 00,084,093 | ---- | C] () - C:\Documents and Settings\All Users\Documents\Titan_Quest_Keygen.zip
    [08/29/2008 05:43 PM | 00,062,589 | ---- | C] () - C:\Documents and Settings\All Users\Documents\Titan.Quest.v1.30.No-Cd-DvD.Patch.rar
    [08/29/2008 05:43 PM | 00,332,827 | ---- | C] () - C:\Documents and Settings\All Users\Documents\unl-tq3c.rar
    [08/29/2008 05:51 PM | 00,062,830 | ---- | C] () - C:\Documents and Settings\All Users\Documents\TITAN.QUEST.V1.30.ALL.ATOTIK.NOCD.ZIP
    [08/29/2008 05:54 PM | 00,418,244 | ---- | C] () - C:\Documents and Settings\All Users\Documents\TITAN.QUEST.V1.30.ALL.UNLEASHED.NOCD.ZIP
    [08/29/2008 07:54 PM | 20,518,866 | ---- | C] () - C:\Documents and Settings\All Users\Documents\b-wic109.7z
    [08/29/2008 09:02 PM | 00,084,480 | ---- | C] () - C:\Documents and Settings\All Users\Documents\Titan.Quest_KEYGEN-FFF.exe
    [08/30/2008 02:27 AM | 00,309,425 | ---- | C] () - C:\Documents and Settings\All Users\Documents\download2.zip
    [09/06/2008 02:47 PM | ---D | C] - C:\Documents and Settings\All Users\Documents\Saitek SD6 Profiles
    [09/06/2008 03:35 PM | 33,007,900 | ---- | C] () - C:\Documents and Settings\All Users\Documents\WoA krank Kurator 2.avi
    [08/27/2008 02:45 PM | 00,000,078 | -HS- | C] () - C:\Documents and Settings\Carsten\My Documents\desktop.ini
    [08/27/2008 02:45 PM | R--D | C] - C:\Documents and Settings\Carsten\My Documents\My Music
    [08/27/2008 02:45 PM | R--D | C] - C:\Documents and Settings\Carsten\My Documents\My Pictures
    [08/27/2008 02:53 PM | ---D | C] - C:\Documents and Settings\Carsten\My Documents\Visual Studio 2008
    [08/27/2008 07:24 PM | ---D | C] - C:\Documents and Settings\Carsten\My Documents\GTA Vice City User Files
    [08/27/2008 07:24 PM | ---D | C] - C:\Documents and Settings\Carsten\My Documents\Hitman Blood Money
    [08/27/2008 09:59 PM | R--D | C] - C:\Documents and Settings\Carsten\My Documents\My Videos
    [08/29/2008 06:24 PM | 28,803,072 | ---- | C] () - C:\Documents and Settings\Carsten\My Documents\windows.iso
    [08/29/2008 07:57 PM | ---D | C] - C:\Documents and Settings\Carsten\My Documents\World in Conflict
    [08/29/2008 08:03 PM | ---D | C] - C:\Documents and Settings\Carsten\My Documents\My Games
    [08/29/2008 09:02 PM | 00,000,622 | ---- | C] () - C:\Documents and Settings\Carsten\My Documents\titan quest.reg
    [09/06/2008 01:35 PM | ---D | C] - C:\Documents and Settings\Carsten\My Documents\Azureus Downloads
    [09/06/2008 03:26 PM | 00,000,072 | ---- | C] () - C:\Documents and Settings\Carsten\My Documents\hfdhfd.jsf
    [08/27/2008 01:10 PM | 00,001,722 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
    [08/27/2008 01:21 PM | 00,000,902 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\xplorer2.lnk
    [08/27/2008 12:00 PM | 00,001,693 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
    [08/27/2008 12:05 PM | 00,001,656 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [08/27/2008 12:24 PM | 00,000,925 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
    [08/27/2008 12:33 PM | 00,000,670 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk
    [08/27/2008 12:40 PM | 00,001,582 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
    [08/28/2008 12:51 AM | 00,000,761 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [08/29/2008 05:20 PM | 00,000,482 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\Fraps.lnk
    [09/05/2008 06:24 PM | 00,000,822 | ---- | C] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [08/29/2008 05:27 PM | 00,000,700 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\DVD Shrink 3.2.lnk
    [08/30/2008 09:27 PM | 00,000,585 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\Titan Quest.exe.lnk
    [09/05/2008 01:44 PM | 00,001,788 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\HijackThis.lnk
    [09/05/2008 01:47 PM | 06,637,592 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\SUPERAntiSpyware.exe
    [09/05/2008 10:58 AM | 00,008,305 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\stuff.ods
    [09/07/2008 10:24 AM | 00,002,097 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\hjtscanlist.zip
    [09/07/2008 10:25 AM | 00,030,259 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\hjtscanlist.bat
    [09/07/2008 10:55 AM | 00,304,189 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\RSIT.exe
    [09/07/2008 10:59 AM | 00,008,958 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\rsit_fehler.png
    [09/07/2008 11:04 AM | 00,066,048 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\mbr.exe
    [09/07/2008 11:06 AM | 00,811,008 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\gmer.exe
    [09/07/2008 11:50 AM | 00,017,577 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\gmer_fehler.png
    [09/07/2008 11:53 AM | 00,142,336 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\catchme.exe
    [09/07/2008 11:55 AM | 00,102,160 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\RootkitRevealer.chm
    [09/07/2008 11:55 AM | 00,231,390 | ---- | C] () - C:\Documents and Settings\Carsten\Desktop\RootkitRevealer.zip
    [09/07/2008 11:55 AM | 00,334,720 | ---- | C] (Sysinternals - www.sysinternals.com) - C:\Documents and Settings\Carsten\Desktop\RootkitRevealer.exe
    [08/27/2008 01:47 PM | 00,000,084 | -HS- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    [09/05/2008 02:57 PM | 00,001,675 | ---- | C] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
    [08/27/2008 02:45 PM | 00,000,084 | -HS- | C] () - C:\Documents and Settings\Carsten\Start Menu\Programs\Startup\desktop.ini
    [08/27/2008 01:46 PM | ---D | C] - C:\Program Files (x86)\Common Files\Merge Modules
    [08/27/2008 01:47 PM | ---D | C] - C:\Program Files (x86)\Common Files\Microsoft Shared
    [08/27/2008 01:47 PM | ---D | C] - C:\Program Files (x86)\Common Files\ODBC
    [08/27/2008 01:47 PM | ---D | C] - C:\Program Files (x86)\Common Files\SpeechEngines
    [08/27/2008 01:53 PM | ---D | C] - C:\Program Files (x86)\Common Files\Java
    [08/27/2008 11:50 AM | ---D | C] - C:\Program Files (x86)\Common Files\System
    [08/27/2008 11:51 AM | ---D | C] - C:\Program Files (x86)\Common Files\Services
    [08/27/2008 12:07 PM | ---D | C] - C:\Program Files (x86)\Common Files\Wise Installation Wizard
    [08/27/2008 12:14 PM | ---D | C] - C:\Program Files (x86)\Common Files\InstallShield
    [08/27/2008 12:15 PM | ---D | C] - C:\Program Files (x86)\Common Files\Creative
    [08/27/2008 12:17 PM | ---D | C] - C:\Program Files (x86)\Common Files\Creative Labs Shared
    [08/27/2008 12:57 PM | ---D | C] - C:\Program Files (x86)\Common Files\GTK
    [08/27/2008 01:02 PM | ---D | C] - C:\Program Files (x86)\DAEMON Tools Lite
    [08/27/2008 01:10 PM | ---D | C] - C:\Program Files (x86)\Mozilla Thunderbird
    [08/27/2008 01:19 PM | ---D | C] - C:\Program Files (x86)\GIMP-2.0
    [08/27/2008 01:21 PM | ---D | C] - C:\Program Files (x86)\zabkat
    [08/27/2008 01:30 PM | ---D | C] - C:\Program Files (x86)\Free Download Manager
    [08/27/2008 01:41 PM | ---D | C] - C:\Program Files (x86)\MSXML 6.0
    [08/27/2008 01:44 PM | ---D | C] - C:\Program Files (x86)\MSBuild
    [08/27/2008 01:44 PM | ---D | C] - C:\Program Files (x86)\Reference Assemblies
    [08/27/2008 01:46 PM | ---D | C] - C:\Program Files (x86)\Microsoft Visual Studio 9.0
    [08/27/2008 01:46 PM | ---D | C] - C:\Program Files (x86)\Microsoft.NET
    [08/27/2008 01:47 PM | ---D | C] - C:\Program Files (x86)\Common Files
    [08/27/2008 01:48 PM | ---D | C] - C:\Program Files (x86)\Microsoft SQL Server
    [08/27/2008 01:53 PM | ---D | C] - C:\Program Files (x86)\Java
    [08/27/2008 01:58 PM | ---D | C] - C:\Program Files (x86)\OpenOffice.org 2.4
    [08/27/2008 03:08 PM | ---D | C] - C:\Program Files (x86)\Notepad++
    [08/27/2008 11:49 AM | ---D | C] - C:\Program Files (x86)\MSN
    [08/27/2008 11:49 AM | ---D | C] - C:\Program Files (x86)\Windows NT
    [08/27/2008 11:50 AM | ---D | C] - C:\Program Files (x86)\Internet Explorer
    [08/27/2008 11:50 AM | ---D | C] - C:\Program Files (x86)\MSN Gaming Zone
    [08/27/2008 11:50 AM | ---D | C] - C:\Program Files (x86)\Outlook Express
    [08/27/2008 11:50 AM | ---D | C] - C:\Program Files (x86)\Windows Media Player
    [08/27/2008 11:51 AM | 00,000,002 | -HS- | C] () - C:\Program Files (x86)\desktop.ini
    [08/27/2008 11:51 AM | ---D | C] - C:\Program Files (x86)\Movie Maker
    [08/27/2008 11:51 AM | ---D | C] - C:\Program Files (x86)\NetMeeting
    [08/27/2008 11:51 AM | ---D | C] - C:\Program Files (x86)\Windows Media Player[Strings]
    [08/27/2008 11:51 AM | -H-D | C] - C:\Program Files (x86)\Uninstall Information
    [08/27/2008 11:52 AM | ---D | C] - C:\Program Files (x86)\microsoft shared
    [08/27/2008 11:52 AM | ---D | C] - C:\Program Files (x86)\speechengines
    [08/27/2008 11:52 AM | ---D | C] - C:\Program Files (x86)\system
    [08/27/2008 12:05 PM | ---D | C] - C:\Program Files (x86)\Mozilla Firefox
    [08/27/2008 12:07 PM | ---D | C] - C:\Program Files (x86)\AGEIA Technologies
    [08/27/2008 12:14 PM | -H-D | C] - C:\Program Files (x86)\InstallShield Installation Information
    [08/27/2008 12:15 PM | ---D | C] - C:\Program Files (x86)\Creative
    [08/27/2008 12:15 PM | -H-D | C] - C:\Program Files (x86)\Creative Installation Information
    [08/27/2008 12:24 PM | ---D | C] - C:\Program Files (x86)\Foxit Software
    [08/27/2008 12:26 PM | ---D | C] - C:\Program Files (x86)\Intel
    [08/27/2008 12:29 PM | ---D | C] - C:\Program Files (x86)\ASUS
    [08/27/2008 12:33 PM | ---D | C] - C:\Program Files (x86)\TrueCrypt
    [08/27/2008 12:36 PM | ---D | C] - C:\Program Files (x86)\AC3Filter
    [08/27/2008 12:38 PM | ---D | C] - C:\Program Files (x86)\ffdshow
    [08/27/2008 12:40 PM | ---D | C] - C:\Program Files (x86)\ImgBurn
    [08/27/2008 12:57 PM | ---D | C] - C:\Program Files (x86)\Aspell
    [08/27/2008 12:57 PM | ---D | C] - C:\Program Files (x86)\Pidgin
    [08/28/2008 12:32 AM | ---D | C] - C:\Program Files (x86)\The KMPlayer1431
    [08/28/2008 12:51 AM | ---D | C] - C:\Program Files (x86)\VideoLAN
    [08/29/2008 05:27 PM | ---D | C] - C:\Program Files (x86)\DVD Shrink
    [09/05/2008 01:44 PM | ---D | C] - C:\Program Files (x86)\Trend Micro
    [09/05/2008 02:56 PM | ---D | C] - C:\Program Files (x86)\RALINK
    [09/05/2008 06:24 PM | ---D | C] - C:\Program Files (x86)\SUPERAntiSpyware
    [09/06/2008 01:25 PM | ---D | C] - C:\Program Files (x86)\Participatory Culture Foundation
    [09/06/2008 01:34 PM | ---D | C] - C:\Program Files (x86)\Vuze
    
    ========== Files - Modified Within 30 days ==========
    
    [08/27/2008 11:49 AM | 00,000,213 | -HS- | M] () - C:\boot.ini
    [08/27/2008 11:52 AM | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT
    [08/27/2008 11:52 AM | 00,000,000 | ---- | M] () - C:\CONFIG.SYS
    [08/27/2008 11:52 AM | 00,000,000 | RHS- | M] () - C:\IO.SYS
    [08/27/2008 11:52 AM | 00,000,000 | RHS- | M] () - C:\MSDOS.SYS
    [08/27/2008 12:33 PM | 00,238,784 | ---- | M] (TrueCrypt Foundation) - C:\WINDOWS\System32\drivers\truecrypt.sys
    [09/07/2008 11:06 AM | 00,085,969 | ---- | M] (GMER) - C:\WINDOWS\System32\drivers\gmer.sys
    [2 C:\WINDOWS\System32\*.tmp files]
    [08/27/2008 01:45 PM | 00,556,482 | ---- | M] () - C:\WINDOWS\System32\PerfStringBackup.INI
    [08/27/2008 12:15 PM | 00,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) - C:\WINDOWS\System32\OpenAL32.dll
    [08/27/2008 12:15 PM | 00,413,696 | ---- | M] (Creative Labs) - C:\WINDOWS\System32\wrap_oal.dll
    [08/27/2008 12:25 PM | 00,016,832 | ---- | M] () - C:\WINDOWS\System32\amcompat.tlb
    [08/27/2008 12:25 PM | 00,023,392 | ---- | M] () - C:\WINDOWS\System32\nscompat.tlb
    [09/03/2008 02:44 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\System32\config.nt
    [3 C:\WINDOWS\*.tmp files]
    [08/27/2008 01:47 PM | 00,000,150 | ---- | M] () - C:\WINDOWS\system.ini
    [08/27/2008 11:50 AM | 00,000,036 | ---- | M] () - C:\WINDOWS\vb.ini
    [08/27/2008 11:50 AM | 00,000,037 | ---- | M] () - C:\WINDOWS\vbaddin.ini
    [08/27/2008 11:51 AM | 00,000,749 | RH-- | M] () - C:\WINDOWS\WindowsShell.Manifest
    [08/27/2008 11:52 AM | 00,000,000 | ---- | M] () - C:\WINDOWS\control.ini
    [08/27/2008 11:52 AM | 00,004,161 | ---- | M] () - C:\WINDOWS\ODBCINST.INI
    [08/27/2008 11:52 AM | 00,316,640 | ---- | M] () - C:\WINDOWS\WMSysPr9.prx
    [08/27/2008 12:03 PM | 00,000,000 | ---- | M] () - C:\WINDOWS\nsreg.dat
    [08/27/2008 12:25 PM | 00,000,431 | ---- | M] () - C:\WINDOWS\win.ini
    [09/01/2008 11:12 PM | 00,000,956 | ---- | M] () - C:\WINDOWS\imsins.BAK
    [09/07/2008 11:06 AM | 00,000,080 | ---- | M] () - C:\WINDOWS\gmer_uninstall.cmd
    [09/07/2008 11:06 AM | 00,884,736 | ---- | M] () - C:\WINDOWS\gmer.dll
    [09/07/2008 11:07 AM | 00,000,250 | ---- | M] () - C:\WINDOWS\gmer.ini
    [09/07/2008 11:58 AM | 00,002,048 | --S- | M] () - C:\WINDOWS\bootstat.dat
    [09/07/2008 11:58 AM | 00,000,006 | -H-- | M] () - C:\WINDOWS\tasks\SA.DAT
    [08/27/2008 01:47 PM | 00,000,062 | -HS- | M] () - C:\Documents and Settings\All Users\Application Data\desktop.ini
    [08/27/2008 01:47 PM | 00,000,062 | -HS- | M] () - C:\Documents and Settings\Carsten\Application Data\desktop.ini
    [08/28/2008 11:45 AM | 00,024,520 | ---- | M] () - C:\Documents and Settings\Carsten\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [09/05/2008 01:49 PM | 06,385,962 | -H-- | M] () - C:\Documents and Settings\Carsten\Local Settings\Application Data\IconCache.db
    [09/06/2008 10:32 PM | 00,006,144 | ---- | M] () - C:\Documents and Settings\Carsten\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [08/27/2008 01:47 PM | 00,000,062 | -HS- | M] () - C:\Documents and Settings\All Users\Documents\desktop.ini
    [08/29/2008 05:12 PM | 00,084,093 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Titan_Quest_Keygen.zip
    [08/29/2008 05:43 PM | 00,062,589 | ---- | M] () - C:\Documents and Settings\All Users\Documents\Titan.Quest.v1.30.No-Cd-DvD.Patch.rar
    [08/29/2008 05:44 PM | 00,332,827 | ---- | M] () - C:\Documents and Settings\All Users\Documents\unl-tq3c.rar
    [08/29/2008 05:51 PM | 00,062,830 | ---- | M] () - C:\Documents and Settings\All Users\Documents\TITAN.QUEST.V1.30.ALL.ATOTIK.NOCD.ZIP
    [08/29/2008 05:54 PM | 00,418,244 | ---- | M] () - C:\Documents and Settings\All Users\Documents\TITAN.QUEST.V1.30.ALL.UNLEASHED.NOCD.ZIP
    [08/29/2008 07:56 PM | 20,518,866 | ---- | M] () - C:\Documents and Settings\All Users\Documents\b-wic109.7z
    [08/30/2008 02:27 AM | 00,309,425 | ---- | M] () - C:\Documents and Settings\All Users\Documents\download2.zip
    [09/06/2008 03:28 PM | 33,007,900 | ---- | M] () - C:\Documents and Settings\All Users\Documents\WoA krank Kurator 2.avi
    [08/27/2008 02:45 PM | 00,000,078 | -HS- | M] () - C:\Documents and Settings\Carsten\My Documents\desktop.ini
    [08/29/2008 06:36 PM | 28,803,072 | ---- | M] () - C:\Documents and Settings\Carsten\My Documents\windows.iso
    [08/29/2008 09:03 PM | 00,000,622 | ---- | M] () - C:\Documents and Settings\Carsten\My Documents\titan quest.reg
    [09/06/2008 03:26 PM | 00,000,072 | ---- | M] () - C:\Documents and Settings\Carsten\My Documents\hfdhfd.jsf
    [08/27/2008 01:10 PM | 00,001,722 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Thunderbird.lnk
    [08/27/2008 01:21 PM | 00,000,902 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\xplorer2.lnk
    [08/27/2008 12:00 PM | 00,001,693 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
    [08/27/2008 12:05 PM | 00,001,656 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
    [08/27/2008 12:24 PM | 00,000,925 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Foxit Reader.lnk
    [08/27/2008 12:33 PM | 00,000,670 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\TrueCrypt.lnk
    [08/27/2008 12:40 PM | 00,001,582 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\ImgBurn.lnk
    [08/28/2008 12:51 AM | 00,000,761 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    [08/29/2008 05:20 PM | 00,000,482 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\Fraps.lnk
    [09/05/2008 06:24 PM | 00,000,822 | ---- | M] () - C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [08/29/2008 05:27 PM | 00,000,700 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\DVD Shrink 3.2.lnk
    [09/05/2008 01:27 PM | 00,000,585 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\Titan Quest.exe.lnk
    [09/05/2008 01:44 PM | 00,001,788 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\HijackThis.lnk
    [09/05/2008 01:48 PM | 06,637,592 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\SUPERAntiSpyware.exe
    [09/05/2008 12:16 PM | 00,008,305 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\stuff.ods
    [09/07/2008 10:25 AM | 00,002,097 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\hjtscanlist.zip
    [09/07/2008 10:55 AM | 00,304,189 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\RSIT.exe
    [09/07/2008 10:59 AM | 00,008,958 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\rsit_fehler.png
    [09/07/2008 11:04 AM | 00,066,048 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\mbr.exe
    [09/07/2008 11:50 AM | 00,017,577 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\gmer_fehler.png
    [09/07/2008 11:53 AM | 00,142,336 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\catchme.exe
    [09/07/2008 11:55 AM | 00,231,390 | ---- | M] () - C:\Documents and Settings\Carsten\Desktop\RootkitRevealer.zip
    [08/27/2008 11:52 AM | 00,000,084 | -HS- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
    [09/05/2008 02:57 PM | 00,001,675 | ---- | M] () - C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Ralink Wireless Utility.lnk
    [08/27/2008 11:52 AM | 00,000,084 | -HS- | M] () - C:\Documents and Settings\Carsten\Start Menu\Programs\Startup\desktop.ini
    
    < End of report >
    Extras:

    Code:
    OTViewIt Extras logfile created on: 07/09/2008 12:34:27 - Run 2
    OTViewIt by OldTimer - Version 1.0.1.8     Folder = C:\Documents and Settings\Carsten\Desktop
    Windows Server 2003  Service Pack 2 (Version = 5.2.3790) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.3790.1830)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
     
    4.00 Gb Total Physical Memory | 3.33 Gb Available Physical Memory | 83.30% Memory free
    3.76 Gb Paging File | 3.39 Gb Available in Paging File | 90.36% Paging File free
    Paging file location(s): 
     
    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 25.00 Gb Total Space | 12.48 Gb Free Space | 49.90% Space Free | Partition Type: NTFS
    Drive D: | 40.00 Gb Total Space | 29.90 Gb Free Space | 74.75% Space Free | Partition Type: NTFS
    Drive E: | 150.00 Gb Total Space | 63.74 Gb Free Space | 42.49% Space Free | Partition Type: NTFS
    Drive F: | 25.00 Gb Total Space | 6.02 Gb Free Space | 24.10% Space Free | Partition Type: NTFS
    Drive G: | 25.00 Gb Total Space | 8.45 Gb Free Space | 33.80% Space Free | Partition Type: NTFS
    Drive H: | 245.76 Gb Total Space | 6.43 Gb Free Space | 2.62% Space Free | Partition Type: NTFS
    Drive I: | 245.76 Gb Total Space | 6.48 Gb Free Space | 2.64% Space Free | Partition Type: NTFS
    Drive J: | 45.03 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive K: | 4.36 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    
    ========== Security Center Settings ==========
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    
    ========== Authorized Applications List ==========
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    File not found
    
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
    File not found
    
    "D:\PhRaGa\svn\trunk\bin\PhragaGame.exe" = D:\PhRaGa\svn\trunk\bin\PhragaGame.exe:*:Enabled:PhragaGame
    [09/05/2008 10:43 AM | 00,260,608 | ---- | M] ()
    
    ========== File Associations ==========
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] - "%1" %*
    .cmd [@ = cmdfile] - "%1" %*
    .com [@ = comfile] - "%1" %*
    .exe [@ = exefile] - "%1" %*
    .pif [@ = piffile] - "%1" %*
    .scr [@ = scrfile] - "%1" /S
    
    ========== Winsock2 Catalogs ==========
    
    ========== HKEY_LOCAL_MACHINE Protocol Defaults ==========
    
    
    ========== HKEY_CURRENT_USER Protocol Defaults ==========
    
    
    ========== HKEY_USERS Protocol Defaults ==========
    
    
    ========== HKEY_USERS Protocol Defaults ==========
    
    
    ========== HKEY_USERS Protocol Defaults ==========
    
    
    ========== HKEY_USERS Protocol Defaults ==========
    
    
    ========== HKEY_USERS Protocol Defaults ==========
    
    
    ========== Protocol Handlers ==========
    
    ========== Protocol Filters ==========
    
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{161A6021-8A74-4890-AB9C-2A3A7774B62C}" = OB WMP11
    "{2CD2C0DB-81C3-416B-9FA6-589B9235359B}" = OpenOffice.org 2.4
    "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = Six Engine
    "{699BAC7F-DC10-4709-97D8-45379301BBE7}" = NVIDIA PhysX v8.08.01
    "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
    "{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB944899" = Hotfix for Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU (KB944899)
    "{90A80D89-A0E4-33C1-B13D-B93CB3496867}.KB945140" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - ENU Service Pack 1 (KB945140)
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB953595" = Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "{D8087907-E255-3A41-A46D-D0F798709C71}.KB945282" = Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    "{D8087907-E255-3A41-A46D-D0F798709C71}.KB946040" = Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    "{D8087907-E255-3A41-A46D-D0F798709C71}.KB946308" = Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    "{D8087907-E255-3A41-A46D-D0F798709C71}.KB947540" = Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    "{D8087907-E255-3A41-A46D-D0F798709C71}.KB947789" = Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    "{D8087907-E255-3A41-A46D-D0F798709C71}.KB948127" = Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    "{E91E8912-769D-42F0-8408-0E329443BABC}" = Ralink Wireless LAN Card
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "AC3Filter" = AC3Filter (remove only)
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
    "AudioCS" = Creative Audio Console
    "avast!" = avast! Antivirus
    "Console Launcher" = Creative Console Launcher
    "Creative Volume Panel" = Volume Panel
    "DVD Shrink_is1" = DVD Shrink 3.2
    "ffdshow_is1" = ffdshow [rev 2020] [2008-06-22]
    "Foxit Reader" = Foxit Reader
    "Fraps" = Fraps (remove only)
    "Free Download Manager_is1" = Free Download Manager 2.5
    "GNU Aspell_is1" = GNU Aspell 0.50-3
    "GTK 2.0" = GTK+ Runtime 2.12.8 rev a (remove only)
    "HijackThis" = HijackThis 2.0.2
    "ImgBurn" = ImgBurn
    "KB923789" = Security Update for Windows XP (KB923789)
    "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
    "Mozilla Thunderbird (2.0.0.16)" = Mozilla Thunderbird (2.0.0.16)
    "Notepad++" = Notepad++
    "Pidgin" = Pidgin
    "The KMPlayer" = The KMPlayer (remove only)
    "TrueCrypt" = TrueCrypt
    "VLC media player" = VideoLAN VLC media player 0.8.6i
    "Vuze" = Vuze
    "WinGimp-2.0_is1" = GIMP 2.4.7
    "xplorer2p" = xplorer² professional
    
    ========== HKEY_CURRENT_USER Uninstall List ==========
    
    
    ========== HKEY_USERS Uninstall List ==========
    
    
    ========== HKEY_USERS Uninstall List ==========
    
    
    ========== HKEY_USERS Uninstall List ==========
    
    
    ========== HKEY_USERS Uninstall List ==========
    
    
    ========== HKEY_USERS Uninstall List ==========
    
    
    ========== Last 10 Event Log Errors ==========
    
    
    [ Antivirus Events ]
    
    [ Application Events ]
    Error - 27/08/2008 11:52:53 - Computer Name = CASI - User Name = CASI\Administrator - Source = MsiInstaller
    Description = Product: Java(TM) 6 Update 7 -- Error 1606.Could not access network
     location http://javadl.sun.com/webapps/download/GetFile/1.6.0_07-b06/windows-i586/ja160000.cab.
    
    Error - 27/08/2008 11:52:54 - Computer Name = CASI - User Name = CASI\Administrator - Source = MsiInstaller
    Description = Product: Java(TM) 6 Update 7 -- Error 1606.Could not access network
     location http://javadl.sun.com/webapps/download/GetFile/1.6.0_07-b06/windows-i586/ja160000.cab.
    
    Error - 04/09/2008 07:54:36 - Computer Name = CASI - User Name = User SID not found - Source = Winlogon
    Description = 
    
    Error - 04/09/2008 19:13:43 - Computer Name = CASI - User Name = User SID not found - Source = Winlogon
    Description = 
    
    Error - 05/09/2008 10:06:24 - Computer Name = CASI - User Name = User SID not found - Source = Winlogon
    Description = 
    
    Error - 05/09/2008 10:26:04 - Computer Name = CASI - User Name = CASI\Carsten - Source = Userenv
    Description = Windows cannot determine the associated site for this computer. (The
     RPC server is unavailable. ). Group Policy processing aborted. 
    
    Error - 05/09/2008 10:31:59 - Computer Name = CASI - User Name = NT AUTHORITY\SYSTEM - Source = Userenv
    Description = Windows cannot determine the associated site for this computer. (The
     RPC server is unavailable. ). Group Policy processing aborted. 
    
    Error - 05/09/2008 11:48:46 - Computer Name = CASI - User Name = CASI\Carsten - Source = MsiInstaller
    Description = Product: SUPERAntiSpyware Free Edition -- Internal Error 2755. 110,
     C:\Program Files (x86)\Common Files\Wise Installation Wizard\WISCDDCBBF1270346BC938BBCC81A1EEAAA_4_21_0_1004.MSI
    
    Error - 05/09/2008 23:38:39 - Computer Name = CASI - User Name = User SID not found - Source = Winlogon
    Description = 
    
    Error - 06/09/2008 21:13:49 - Computer Name = CASI - User Name = User SID not found - Source = EventSystem
    Description = The COM+ Event System detected a bad return code during its internal
     processing.  HRESULT was 800706BA from line 44 of d:\nt\com\complus\src\events\tier1\eventsystemobj.cpp.
      Please contact Microsoft Product Support Services to report this erro
    
    
    [ Security Events ]
    
    [ System Events ]
    Error - 07/09/2008 09:58:23 - Computer Name = CASI - User Name = NT AUTHORITY\LOCAL SERVICE - Source = DCOM
    Description = The machine-default permission settings do not grant Local Activation
     permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}
    
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission
     can be modified using the Component Services administrative tool.
    
    Error - 07/09/2008 09:58:23 - Computer Name = CASI - User Name = NT AUTHORITY\LOCAL SERVICE - Source = DCOM
    Description = The machine-default permission settings do not grant Local Activation
     permission for the COM Server application with CLSID   {555F3418-D99E-4E51-800A-6E89CFD8B1D7}
    
     to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19).  This security permission
     can be modified using the Component Services administrative tool.
    
    Error - 07/09/2008 09:58:24 - Computer Name = CASI - User Name = User SID not found - Source = Service Control Manager
    Description = The SASDIFSV service failed to start due to the following error:   %%1275
    
    Error - 07/09/2008 09:58:25 - Computer Name = CASI - User Name = User SID not found - Source = Service Control Manager
    Description = The SASKUTIL service failed to start due to the following error:   %%1275
    
    Error - 07/09/2008 09:58:31 - Computer Name = CASI - User Name = User SID not found - Source = Application Popup
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been 
    blocked from loading due to incompatibility with this system. Please contact your
     software  vendor for a compatible version of the driver.
    
    Error - 07/09/2008 09:58:31 - Computer Name = CASI - User Name = User SID not found - Source = Application Popup
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been 
    blocked from loading due to incompatibility with this system. Please contact your
     software  vendor for a compatible version of the driver.
    
    Error - 07/09/2008 09:58:31 - Computer Name = CASI - User Name = User SID not found - Source = Application Popup
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS has been 
    blocked from loading due to incompatibility with this system. Please contact your
     software  vendor for a compatible version of the driver.
    
    Error - 07/09/2008 09:58:31 - Computer Name = CASI - User Name = User SID not found - Source = Application Popup
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.sys has been 
    blocked from loading due to incompatibility with this system. Please contact your
     software  vendor for a compatible version of the driver.
    
    Error - 07/09/2008 09:58:34 - Computer Name = CASI - User Name = User SID not found - Source = Application Popup
    Description = \??\C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS has been blocked
     from loading due to incompatibility with this system. Please contact your software
    vendor
     for a compatible version of the driver.
    
    Error - 07/09/2008 09:58:34 - Computer Name = CASI - User Name = User SID not found - Source = Service Control Manager
    Description = The SASENUM service failed to start due to the following error:   %%1275
    
    
    < End of report >

  8. #8
    Administrator Team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    39.255

    Re: XP x64 keeps restarting

    Hello BloodyFanatic,

    please work through the following steps in the given order:

    ===== Step 1 =====

    Remove old Java versions

    Because some malware (e.g. Vundo) gets into the system via Java exploits, old Java versions must be removed from the system, since old versions are a security risk. So please uninstall all older Java versions via Control Panel => Add or Remove Programs and leave only the most recent version on the system.

    ===== Step 2 =====

    File sharing

    I'm posting the following note not to wag a finger, but because you may not be aware of it. You use P2P programs. If you want to get, or keep, a clean system, you should refrain from downloading software from such sources, because even if the P2P program itself is "clean", that does not protect you from possibly fetching malicious programs onto your computer.
    File-sharing P2P programs (Internet file-sharing networks) such as BitTorrent, eMule, KaZaa, Morpheus and Shareaza are unfortunately among the least reputable sources of downloads. A great deal of malware is spread through them; use them, if at all, only with particular care and have the downloads checked online at VirusTotal before unpacking/using them! According to studies, 45% of the files offered for download via file-sharing networks are infected with viruses, trojans, worms or other malware. How else are the virus writers supposed to distribute their little darlings! On top of that, most downloads from these file-sharing networks are illegal anyway, and as a user you may be tempted into committing criminal offences!
    As you can see, the danger of getting infected this way is very high. For this reason I prefer to clean systems that do not have such programs installed, and I therefore ask you, if possible, to uninstall all programs of this kind completely and without leftovers via Control Panel => Add or Remove Programs for the duration of our cleanup. On your system I see Azureus and Vuze; please uninstall these.

    ===== Step 3 =====

    Remove programs

    Uninstall Superantispyware again via Control Panel => Add or Remove Programs.
    Delete Rsit from the desktop and manually delete the folder C:\Rsit.
    Delete all the rootkit programs again.

    ===== Step 4 =====

    Search for ADS with HijackThis
    • Start HijackThis
    • Open the Misc Tools section
    • Open ADS Spy
    • Scan (to start the search)
    • When "Scan complete" appears => Save log... (to save the log file).
    • Do not delete anything yet!
    • Post the log file here.


    ===== Step 5 =====

    A few questions about your system
    1. What is your drive J:\ ?
    2. What kind of program is this => "xplorer2p" = xplorer² professional? I could only find information about the xplorer2 toolbar.
    3. Do you use the SQL Server? If not, please uninstall it.

    ===== Step 6 =====

    Download Dr. Web CureIt! and save it to your desktop. CureIt! is suitable for all computers running the MS Windows 95OSR2/ 98/Me/NT 4.0/2000/XP/2003/Vista operating systems.
    • Switch off your antivirus program.
    • Start launch.exe with a double-click.
    • Dr. Web CureIt! now automatically creates its own folder in your user profile
      C:\Dokumente und Einstellungen\<YourUsername>\DoctorWeb
    • Click "Start".
    • Cancel the quick scan
      (by clicking the square green button on the right, in the middle).
    • On the "Scan" tab, switch to "Complete scan".
    • Now start the complete scan by clicking the triangular button.
    • If anything is found, please have it disinfected;
      if that is not possible, have the finds moved.
    • When the scan has finished and there were finds:
      in the menu go to File and Save report list
      and save it as DrWeb.cvs on your desktop.
    • Post the contents of DrWeb.cvs here in the thread.
    Last edited by Petra (07.09.2008 at 13:55)
    [°¿°] Ciao, Petra

    New here? Please work through this! | Malware cleanup | Forum rules
    Back up your data! | Training | No support via PM or e-mail! | Thanks

  9. #9
    Beginner
    Registered since
    06.09.2008
    Posts
    8

    Re: XP x64 keeps restarting

    Step 1:
    done.
    Step 2:
    Vuze (formerly Azureus) uninstalled. I had installed it yesterday morning, but the problems were already occurring before that. Anyway, the thing is gone again now.
    Step 3:
    done.
    Step 4:
    Code:
    C:\WINDOWS :   (8 bytes)
    Step 5:
    Drive J is my CD/DVD drive. There is currently a driver CD in it, hence the small size (45 MB). I have taken it out now.
    xplorer²: http://www.zabkat.com/index.htm I don't depend on it, but it is much better than Windows Explorer.
    SQL Server: no idea what it was installed with, probably with the MS Visual C++ stuff. I uninstalled it, I don't need it.
    Step 6:
    Let it run for 3:23 hours: 829014 scanned.

    Finds:
    Code:
    data007\data001;H:\Download\wichtiges\daemon4124-lite.exe\data007;Adware.Shopper;;
    data007\data002;H:\Download\wichtiges\daemon4124-lite.exe\data007;Adware.SaveNow.128;;
    data007;H:\Download\wichtiges\daemon4124-lite.exe;Archive contains infected objects;;
    daemon4124-lite.exe;H:\Download\wichtiges;Archive contains infected objects;Moved.;
    data007\data001;H:\System Volume Information\_restore{0201C8F9-402B-4405-8187-C71DE54562CD}\RP28\A0004868.exe\data007;Adware.Shopper;;
    data007\data002;H:\System Volume Information\_restore{0201C8F9-402B-4405-8187-C71DE54562CD}\RP28\A0004868.exe\data007;Adware.SaveNow.128;;
    data007;H:\System Volume Information\_restore{0201C8F9-402B-4405-8187-C71DE54562CD}\RP28\A0004868.exe;Archive contains infected objects;;
    A0004868.exe;H:\System Volume Information\_restore{0201C8F9-402B-4405-8187-C71DE54562CD}\RP28;Archive contains infected objects;Moved.;
    Last edited by BloodyFanatic (07.09.2008 at 20:24) Reason: code tags...
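
The CureIt! report posted above lists nested objects line by line, so eight lines can look like eight infections. The following is an added example, not part of the original post or of Dr.Web's tooling: it groups the posted lines by the file that actually sits on disk. The field layout (object; containing path; verdict; action) is an assumption inferred from the posted lines, and the function names are hypothetical.

```python
# Added example: summarize a Dr.Web CureIt! report list per on-disk file.
# Field layout (object;containing path;verdict;action;) is inferred from the
# lines posted in the thread, not taken from Dr.Web documentation.

# Report lines copied verbatim from the post above.
REPORT = r"""
data007\data001;H:\Download\wichtiges\daemon4124-lite.exe\data007;Adware.Shopper;;
data007\data002;H:\Download\wichtiges\daemon4124-lite.exe\data007;Adware.SaveNow.128;;
data007;H:\Download\wichtiges\daemon4124-lite.exe;Archive contains infected objects;;
daemon4124-lite.exe;H:\Download\wichtiges;Archive contains infected objects;Moved.;
data007\data001;H:\System Volume Information\_restore{0201C8F9-402B-4405-8187-C71DE54562CD}\RP28\A0004868.exe\data007;Adware.Shopper;;
data007\data002;H:\System Volume Information\_restore{0201C8F9-402B-4405-8187-C71DE54562CD}\RP28\A0004868.exe\data007;Adware.SaveNow.128;;
data007;H:\System Volume Information\_restore{0201C8F9-402B-4405-8187-C71DE54562CD}\RP28\A0004868.exe;Archive contains infected objects;;
A0004868.exe;H:\System Volume Information\_restore{0201C8F9-402B-4405-8187-C71DE54562CD}\RP28;Archive contains infected objects;Moved.;
"""

CONTAINER_VERDICT = "Archive contains infected objects"
RESTORE_MARKER = "\\system volume information\\_restore"


def parse_report(text):
    """Turn each report line into {'path', 'verdict', 'action'}."""
    rows = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        fields = line.split(";")
        if len(fields) < 4:
            raise ValueError(f"line {number}: expected 4 fields, got {len(fields)}")
        obj, location, verdict, action = fields[:4]
        # The object column repeats the inner container name, so only its last
        # component is appended to the containing path.
        full_path = location + "\\" + obj.rsplit("\\", 1)[-1]
        rows.append({"path": full_path, "verdict": verdict, "action": action})
    return rows


def summarize(rows):
    """Group named detections under the outermost file that contains them."""
    containers = sorted(
        (r for r in rows if r["verdict"] == CONTAINER_VERDICT),
        key=lambda r: len(r["path"]),  # shortest path = outermost container
    )
    summary = {}
    for row in rows:
        if row["verdict"] == CONTAINER_VERDICT:
            continue
        inner = row["path"].lower()
        owner = next(
            (c for c in containers if inner.startswith(c["path"].lower() + "\\")),
            row,  # a detection that is not inside any listed container
        )
        entry = summary.setdefault(owner["path"], {
            "detections": [],
            "action": owner["action"] or "none recorded",
            "restore_point_copy": RESTORE_MARKER in owner["path"].lower(),
        })
        if row["verdict"] not in entry["detections"]:
            entry["detections"].append(row["verdict"])
    return summary


if __name__ == "__main__":
    for path, info in summarize(parse_report(REPORT)).items():
        origin = "System Restore copy" if info["restore_point_copy"] else "user file"
        print(f"{path}\n  {origin}; detections: {', '.join(info['detections'])}; "
              f"action: {info['action']}")
```

On the posted report this reduces the eight lines to two files on disk, each carrying the same two adware detections and the action "Moved."; the second one lies under a System Restore point.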

  10. #10
    Administrator Team member Petra
    Registered since
    03.05.2007
    Location
    Near Düsseldorf
    Posts
    39.255

    Re: XP x64 keeps restarting

    Hello BloodyFanatic,

    ===== Step 1 =====

    You can uninstall Dr. WebCureIt again.

    ===== Step 2 =====

    Search for ADS with HijackThis
    • Start HijackThis
    • Open the Misc Tools section
    • Open ADS Spy
    • Scan (to start the search)
    • When "Scan complete" appears
    • Select the find and click "Remove selected".

    ===== Step 3 =====

    Now I need new log files; run OTViewIt once more.

    System scan with OtViewIt

    Please download OtViewIt by OldTimer and save the program to your desktop.
    1. Close all applications, including the browser.
    2. Do not do anything else on the computer during the scan and do not click in the program window.
    3. Start the program by double-clicking OTViewIt.exe.
    4. Tick "Scan All Users".
    5. Click the "Run Scan" button at the top left to start the scan
      (please do not change any settings unless instructed).
    6. The program will check some important areas of your system and create two reports.
      Let the program scan undisturbed until it has finished.
    7. When the scan is done (Scan complete!), Notepad opens with a log file.
    8. The log files are saved as
      C:\Dokumente und Einstellungen\<Username>\Desktop\OtViewIt.Txt and
      C:\Dokumente und Einstellungen\<Username>\Desktop\Extras.Txt.
    9. Post the log files in code tags here in the thread.
    [°¿°] Ciao, Petra
