Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Alle Programme starten sehr langsam - Logs anbei

Alle Programme starten sehr langsam - Logs anbei


Log-Analyse und Auswertung: Alle Programme starten sehr langsam - Logs anbei

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 17.12.2010, 08:38   #1
wahnfried
 
Alle Programme starten sehr langsam - Logs anbei - Standard

Alle Programme starten sehr langsam - Logs anbei


Windows 7 32bit
Seit gestern lahmt mein System extrem.
Jedes noch so kleine Programm dauert nach dem Doppelklick einige Sekunden, bis es sich öffnet. Danach dauert es erneut einige Sekunden, bis es ansprechbar ist.
Bei größeren Anwendungen, wie z.B. Windows Live Mail, dauert es schonmal einige Minuten...

Ich hoffe ich kann durch Eure Hilfe einen formatc verhindern, hier die Logs:

Zitat:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5341

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.12.2010 07:40:00
mbam-log-2010-12-17 (07-40-00).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 178446
Laufzeit: 1 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
Zitat:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 07:43 on 17/12/2010 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-
GMER Logfile:
Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-17 08:01:16
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_MMCRE28G5MXP-0VB rev.VBM1901Q
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\fwlcipob.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT 96C53D73 ZwLoadDriver
SSDT 96C53D78 ZwSetSystemInformation
SSDT 96C53D37 ZwTerminateProcess
SSDT 96C53D32 ZwWriteVirtualMemory
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8325B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8327FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 45C 8328796C 4 Bytes [73, 3D, C5, 96]
.text ntkrnlpa.exe!RtlSidHashLookup + 768 83287C78 4 Bytes [78, 3D, C5, 96]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 83287CC8 4 Bytes [37, 3D, C5, 96]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 83287D3C 4 Bytes [32, 3D, C5, 96]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B3634000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B3634123 629 Bytes [F5, 62, B3, FE, 05, 34, F5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 B3634399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F B36343FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B B36344AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ... 
.text autochk.exe 002311F0 4 Bytes [E5, 36, E9, 6D]
.text autochk.exe 002311F7 3 Bytes [80, 55, 02]
.text autochk.exe 00231204 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text autochk.exe 0023120C 1 Byte [00]
.text autochk.exe 00231210 1 Byte [00]
.text ... 
 
---- User code sections - GMER 1.0.15 ----
 
.text C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!LdrLoadDll 7796F625 5 Bytes JMP 003B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5628] USER32.dll!TrackPopupMenu 77AA4B3B 5 Bytes JMP 69422342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
 
---- Devices - GMER 1.0.15 ----
 
Device Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
 
AttachedDevice tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
 
Device USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
 
AttachedDevice \Driver\tdx \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\tdx \Device\Tcp nltdi.sys
 
Device usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
 
AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\tdx \Device\Udp nltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\tdx \Device\RawIp nltdi.sys
 
Device \Driver\ACPI_HAL \Device\0000007d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
 
---- Registry - GMER 1.0.15 ----
 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x37 0x67 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0B 0x27 0x13 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0C 0x6B 0x84 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x37 0x67 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0B 0x27 0x13 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0C 0x6B 0x84 0x17 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5ADD1F2E-73D8-1918-DE2B-6E23E2EE4D8D} 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5ADD1F2E-73D8-1918-DE2B-6E23E2EE4D8D}@iakmghdmpidpmikphh 0x6B 0x61 0x67 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5ADD1F2E-73D8-1918-DE2B-6E23E2EE4D8D}@haanbbcnbejcgpao 0x6B 0x61 0x67 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCF2BF2E-2193-61EF-03B1-61A222CA57B8} 
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCF2BF2E-2193-61EF-03B1-61A222CA57B8}@makohjbmhdnigckngkemdgdaef 0x6B 0x61 0x69 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCF2BF2E-2193-61EF-03B1-61A222CA57B8}@naeafnhlfmahknobmfgfnooiagdl 0x6B 0x61 0x69 0x6A ...
 
---- EOF - GMER 1.0.15 ----
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.12.2010 08:09:07 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,24 Gb Total Space | 54,23 Gb Free Space | 45,47% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1337,57 Gb Free Space | 71,80% Space Free | Partition Type: NTFS
Drive Z: | 931,51 Gb Total Space | 518,16 Gb Free Space | 55,63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.17 07:28:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.12.08 11:57:56 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.02 12:59:54 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.02 12:59:53 | 000,539,304 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2010.11.02 12:59:53 | 000,403,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.11.02 12:59:53 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.11.02 12:59:53 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.06 12:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2010.08.30 13:10:44 | 001,085,440 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 3\nlsvc.exe
PRC - [2010.06.12 18:14:06 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2010.03.27 17:39:02 | 000,752,184 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2010.03.25 09:52:30 | 001,374,336 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe
PRC - [2010.02.14 01:53:52 | 000,352,256 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe
PRC - [2010.02.14 01:53:28 | 000,492,544 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMon.exe
PRC - [2010.01.14 21:09:33 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.07.07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2009.07.07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009.06.25 07:07:32 | 007,547,424 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.03.13 04:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009.03.13 04:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.06.13 10:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\n52te\n52teHid.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.17 07:28:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2010.05.05 07:46:55 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2010.02.14 01:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll
MOD - [2010.02.14 01:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonResButtons.dll
MOD - [2009.07.14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.07.14 02:16:19 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL
MOD - [2009.07.14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll
MOD - [2009.07.14 02:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll
MOD - [2009.07.14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009.07.14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009.07.14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009.07.14 02:16:12 | 002,504,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
MOD - [2009.07.14 02:16:12 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll
MOD - [2009.07.14 02:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll
MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll
MOD - [2009.07.14 02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.07.14 02:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll
MOD - [2009.07.14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll
MOD - [2009.07.14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2009.07.14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.12.08 11:57:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.11.02 12:59:54 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.02 12:59:53 | 000,539,304 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2010.11.02 12:59:53 | 000,403,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.11.02 12:59:53 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.10.09 14:48:14 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\***\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service)
SRV - [2010.10.06 12:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.08.30 13:10:44 | 001,085,440 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc)
SRV - [2010.06.29 07:10:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.06.12 18:14:06 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2010.03.27 17:39:02 | 000,752,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.07.07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009.03.13 04:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO)
DRV - [2010.12.17 07:46:14 | 000,024,944 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010.12.08 12:04:16 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.11.22 14:25:17 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.10 02:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC)
DRV - [2010.11.10 02:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010.11.02 12:59:55 | 000,102,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2010.09.07 19:07:29 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.08.30 13:24:02 | 005,281,672 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi)
DRV - [2010.08.30 13:24:02 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisPT)
DRV - [2010.08.30 13:24:02 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisMP)
DRV - [2010.07.10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.24 13:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP)
DRV - [2010.06.24 13:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand)
DRV - [2010.06.15 09:44:05 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010.06.12 23:20:59 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010.06.12 18:14:06 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010.06.12 18:14:06 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp)
DRV - [2010.06.12 18:14:05 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010.06.12 18:14:04 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010.06.01 16:28:08 | 000,612,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arusb_win7.sys -- (arusb_win7)
DRV - [2010.05.07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010.03.25 08:36:42 | 000,841,504 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2010.02.15 14:23:49 | 000,079,432 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2010.01.29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.07.30 12:58:26 | 000,187,392 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.07 13:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009.07.07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009.06.25 07:07:34 | 002,375,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.14 01:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007.10.11 10:10:52 | 000,030,008 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2007.09.27 13:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007.09.19 16:01:06 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007.04.26 00:53:46 | 000,025,088 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 74 D5 3A 75 90 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E6463D12-450D-45eb-9D47-804AEB0A9561}:2.2.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 11:06:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.11 11:06:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.12 20:44:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.06.12 20:45:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.06.12 20:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.28 08:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2sbdasam.default\extensions
[2010.12.16 17:05:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions
[2010.06.12 20:55:37 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.06.12 19:40:16 | 000,000,000 | ---D | M] (Find Toolbar Tweaks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions\{E6463D12-450D-45eb-9D47-804AEB0A9561}
[2010.11.02 07:05:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions\DeviceDetection@logitech.com
[2010.09.07 19:07:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions\DTToolbar@toolbarnet.com
[2010.06.12 19:40:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions\youtube2mp3@mondayx.de
[2010.12.13 19:27:29 | 000,000,886 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\appledocs.xml
[2010.09.07 19:07:46 | 000,002,059 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\daemon-search.xml
[2009.11.09 08:38:37 | 000,001,741 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\idealode.xml
[2010.01.13 21:40:27 | 000,001,512 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\imdb.xml
[2009.11.27 15:13:59 | 000,001,747 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\leo-deu-spa.xml
[2010.04.01 12:41:39 | 000,004,771 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\medipreis.xml
[2010.04.01 17:50:27 | 000,001,011 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\torrentz-search.xml
[2009.11.09 07:49:29 | 000,001,720 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\youtube-videosuche.xml
[2010.12.16 17:05:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.13 08:55:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.15 19:03:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 06:50:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 08:26:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.02 16:58:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.12.11 11:06:25 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.11 11:06:25 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.11 11:06:25 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.11 11:06:25 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.11 11:06:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.11 06:25:06 | 000,415,969 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    123fporn.info
O1 - Hosts: 14356 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\***\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Copy Handler] File not found
O4 - HKLM..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician (Beta).lnk = C:\Program Files\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\Flash Capture\fciext.dll File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
MsConfig - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
MsConfig - StartUpReg: Mikogo - hkey= - key= - C:\Users\***\AppData\Roaming\Mikogo\Mikogo-Host.exe (Mikogo)
MsConfig - StartUpReg: MX Skype Recorder - hkey= - key= - C:\ProgramData\MXSkypeRecorder\MXSkypeRecorder.exe (Ammyy Group)
MsConfig - StartUpReg: Samsung SSD Magician - hkey= - key= - C:\Program Files\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
MsConfig - StartUpReg: Steam - hkey= - key= - D:\Program Files\Steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.17 07:36:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.17 07:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.12.17 07:25:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.17 07:24:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.17 07:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.17 07:24:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.17 07:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.12.17 07:22:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.15 09:47:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Copy Handler
[2010.12.15 09:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\Copy Handler
[2010.12.11 09:45:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1.02.21_WDLXTV.COM_WDLXTV_LIVE-0.4.3.1
[2010.12.11 08:37:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1.02.21_WDLXTV.COM_EXT3-BOOT_LIVE-0.4.3.1
[2010.12.11 07:48:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1.02.21_WDLXTV.COM_WDLXTV_LIVE-0.4.2.2
[2010.12.09 08:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RealWorld
[2010.12.09 08:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\RealWorld Cursor Editor
[2010.12.07 22:09:18 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\The KMPlayer
[2010.12.07 22:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2010.12.06 06:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2010.12.05 20:49:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SightSpeed Recordings
[2010.12.05 20:49:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogiShrd
[2010.12.05 20:48:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.12.05 20:48:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\logishrd
[2010.12.05 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.12.05 20:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2010.12.05 20:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Enable Viacam
[2010.12.05 20:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010.12.03 09:21:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Workrave
[2010.12.03 06:39:41 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010.12.03 06:39:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GHISLER
[2010.11.30 16:47:59 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2010.11.30 16:47:59 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2010.11.30 16:47:59 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2010.11.30 16:47:59 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2010.11.30 16:47:59 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2010.11.30 16:47:58 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2010.11.30 16:47:58 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2010.11.30 16:47:58 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2010.11.30 16:47:58 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2010.11.30 16:47:58 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2010.11.30 16:47:57 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2010.11.30 16:47:57 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2010.11.30 16:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010.11.30 04:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.11.30 04:34:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TuneClone
[2010.11.30 04:34:20 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Music
[2010.11.30 04:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneClone
[2010.11.29 21:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\WMCap
[2010.11.29 21:07:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sytexis Software
[2010.11.29 21:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sytexis Software
[2010.11.29 21:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Video Recorder
[2010.11.26 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NVIDIA
[2010.11.24 09:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SSD Magician
[2010.11.24 09:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.11.24 08:36:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Auslogics
[2010.11.24 08:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010.11.23 09:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010.11.20 16:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\WMR14
[2010.11.20 16:45:19 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Streaming Media
[2010.11.20 16:45:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Jaksta_Technologies_Pty_L
[2010.11.20 16:44:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Replay Media Catcher 4
[2010.11.20 16:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2010.11.19 18:35:13 | 000,000,000 | ---D | C] -- C:\Users\***\Application Data
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.17 07:53:26 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.17 07:53:26 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.17 07:50:09 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.17 07:50:09 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.17 07:50:09 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.17 07:50:09 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.17 07:46:14 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2010.12.17 07:45:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.17 07:45:44 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.17 07:43:56 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2010.12.17 07:35:41 | 000,000,869 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.12.17 07:35:41 | 000,000,850 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.12.17 07:27:58 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\defogger.exe
[2010.12.17 07:27:50 | 000,288,107 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.12.17 07:24:44 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.17 07:16:28 | 000,471,560 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2010.12.15 21:55:01 | 000,008,432 | ---- | M] () -- C:\Windows\System32\secustat.dat
[2010.12.15 17:34:44 | 000,042,896 | ---- | M] () -- C:\Users\***\Desktop\Mr__Magoriums_Wunderladen_10.12.14_20-15_vox_110_TVOON_DE.mpg.HQ.jpg
[2010.12.15 15:39:00 | 000,012,096 | ---- | M] () -- C:\Users\***\Desktop\105278.jpg
[2010.12.15 11:29:29 | 000,012,457 | ---- | M] () -- C:\Users\***\Desktop\Takers (2).jpg
[2010.12.15 09:53:55 | 000,007,532 | ---- | M] () -- C:\Users\***\Desktop\Ich.sehe.den.Mann.deiner.Traeume.jpg
[2010.12.15 09:47:28 | 000,000,932 | ---- | M] () -- C:\Users\***\Desktop\Copy Handler.lnk
[2010.12.15 09:37:54 | 000,094,636 | ---- | M] () -- C:\Windows\dropcpyr.dll
[2010.12.15 09:37:54 | 000,073,728 | ---- | M] () -- C:\Windows\copyfstq.exe
[2010.12.15 09:15:01 | 000,002,082 | ---- | M] () -- C:\Users\***\Desktop\Party EzCASH.lnk
[2010.12.15 07:31:09 | 000,291,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.13 15:27:07 | 000,003,021 | ---- | M] () -- C:\Users\***\Desktop\TableNinjaFT.lnk
[2010.12.10 21:03:31 | 000,015,088 | ---- | M] () -- C:\Users\***\Desktop\catsanddogs2.jpg
[2010.12.10 21:02:22 | 000,010,240 | ---- | M] () -- C:\Users\***\Desktop\Monsters.jpg
[2010.12.09 20:16:51 | 000,058,177 | ---- | M] () -- C:\Users\***\Desktop\Dexter.S05E11.720p.HDTV.x264-IMMERSE.de.srt
[2010.12.09 08:55:53 | 000,004,286 | ---- | M] () -- C:\Users\***\Desktop\Document0001.cur
[2010.12.09 08:52:10 | 000,003,105 | ---- | M] () -- C:\Users\***\Desktop\RealWorld Cursor Editor.lnk
[2010.12.09 08:51:30 | 006,876,160 | ---- | M] () -- C:\Users\***\Desktop\RWCursorEditor32_2009.1.msi
[2010.12.08 13:45:08 | 000,001,053 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.12.08 12:04:16 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.07 22:08:27 | 000,000,968 | ---- | M] () -- C:\Users\***\Desktop\KMPlayer.lnk
[2010.12.06 16:51:00 | 000,059,940 | ---- | M] () -- C:\Users\***\Desktop\Dexter.S05E11.HDTV.XviD-FEVER.srt
[2010.12.06 12:43:20 | 000,108,685 | ---- | M] () -- C:\Users\***\Desktop\ninja.jpg
[2010.12.05 20:49:08 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2010.12.05 20:48:17 | 000,001,553 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2010.12.05 20:46:39 | 000,001,058 | ---- | M] () -- C:\Users\***\Desktop\eViacam.lnk
[2010.12.05 17:51:23 | 000,007,792 | ---- | M] () -- C:\Users\***\Desktop\weihnact.jpg
[2010.12.05 10:19:30 | 000,001,460 | ---- | M] () -- C:\Users\***\Desktop\Advanced PLO Theory Volume 2 v3 printable secured.pdf - Verknüpfung.lnk
[2010.12.04 15:41:02 | 000,020,199 | ---- | M] () -- C:\Users\***\Desktop\since group coaching.JPG
[2010.12.03 13:09:52 | 000,000,218 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.12.03 09:01:56 | 000,001,142 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician (Beta).lnk
[2010.12.03 09:01:56 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Samsung SSD Magician (Beta).lnk
[2010.12.03 07:07:55 | 000,253,098 | ---- | M] () -- C:\Users\***\Desktop\Ansky on Tilt.mp3
[2010.12.03 06:39:43 | 000,000,643 | ---- | M] () -- C:\Users\***\Desktop\Total Commander.lnk
[2010.12.03 06:29:50 | 000,001,918 | ---- | M] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk
[2010.11.30 16:47:59 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.11.30 16:47:59 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.11.30 04:10:22 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Stars Modded.lnk
[2010.11.29 21:39:55 | 000,000,936 | ---- | M] () -- C:\Users\***\Desktop\WM Capture.lnk
[2010.11.29 21:24:58 | 000,001,275 | ---- | M] () -- C:\Users\***\Desktop\Direct Stream Recorder.lnk
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\UC.PIF
[2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\RAR.PIF
[2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKZIP.PIF
[2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKUNZIP.PIF
[2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\NOCLOSE.PIF
[2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\LHA.PIF
[2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\ARJ.PIF
[2010.11.28 10:13:42 | 000,006,928 | ---- | M] () -- C:\Users\***\Desktop\Der.letzte.Exorzismus.jpg
[2010.11.28 10:11:43 | 000,012,457 | ---- | M] () -- C:\Users\***\Desktop\Takers.jpg
[2010.11.24 08:35:56 | 222,903,195 | ---- | M] () -- C:\Users\***\Desktop\PLO on French Site .wmv
[2010.11.23 11:47:12 | 000,000,215 | ---- | M] () -- C:\Users\***\Desktop\R.U.S.E.url
[2010.11.23 11:34:36 | 000,000,687 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.11.22 14:25:17 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.11.21 11:57:56 | 000,012,982 | ---- | M] () -- C:\Users\***\Documents\Time_Template.odt
[2010.11.21 11:57:56 | 000,000,101 | -H-- | M] () -- C:\Users\***\Documents\.~lock.Time_Template.odt#
[2010.11.20 21:49:24 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.11.20 17:05:29 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\WM Converter.lnk
[2010.11.20 17:05:29 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\WM Recorder 14.lnk
[2010.11.20 16:44:10 | 000,002,637 | ---- | M] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
[2010.11.20 15:58:42 | 000,003,017 | ---- | M] () -- C:\Users\***\Desktop\TableNinja.lnk
[2010.11.19 18:44:13 | 018,199,736 | ---- | M] () -- C:\Users\***\Desktop\MJH vs WMS.flv
[2010.11.19 18:23:53 | 000,008,192 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2010.12.17 07:48:05 | 000,296,448 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe
[2010.12.17 07:43:38 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable
[2010.12.17 07:35:41 | 000,000,869 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.12.17 07:35:41 | 000,000,850 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.12.17 07:24:44 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.17 07:22:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\defogger.exe
[2010.12.17 07:22:40 | 000,288,107 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip
[2010.12.17 07:16:27 | 000,471,560 | ---- | C] () -- C:\Users\***\Desktop\Load.exe
[2010.12.15 17:34:44 | 000,042,896 | ---- | C] () -- C:\Users\***\Desktop\Mr__Magoriums_Wunderladen_10.12.14_20-15_vox_110_TVOON_DE.mpg.HQ.jpg
[2010.12.15 15:39:00 | 000,012,096 | ---- | C] () -- C:\Users\***\Desktop\105278.jpg
[2010.12.15 11:29:29 | 000,012,457 | ---- | C] () -- C:\Users\***\Desktop\Takers (2).jpg
[2010.12.15 09:53:55 | 000,007,532 | ---- | C] () -- C:\Users\***\Desktop\Ich.sehe.den.Mann.deiner.Traeume.jpg
[2010.12.15 09:47:28 | 000,000,932 | ---- | C] () -- C:\Users\***\Desktop\Copy Handler.lnk
[2010.12.15 09:37:54 | 000,094,636 | ---- | C] () -- C:\Windows\dropcpyr.dll
[2010.12.15 09:37:54 | 000,073,728 | ---- | C] () -- C:\Windows\copyfstq.exe
[2010.12.15 08:06:59 | 000,058,177 | ---- | C] () -- C:\Users\***\Desktop\Dexter.S05E11.720p.HDTV.x264-IMMERSE.de.srt
[2010.12.10 21:03:31 | 000,015,088 | ---- | C] () -- C:\Users\***\Desktop\catsanddogs2.jpg
[2010.12.10 21:02:22 | 000,010,240 | ---- | C] () -- C:\Users\***\Desktop\Monsters.jpg
[2010.12.09 14:59:28 | 000,059,940 | ---- | C] () -- C:\Users\***\Desktop\Dexter.S05E11.HDTV.XviD-FEVER.srt
[2010.12.09 08:55:53 | 000,004,286 | ---- | C] () -- C:\Users\***\Desktop\Document0001.cur
[2010.12.09 08:52:10 | 000,003,105 | ---- | C] () -- C:\Users\***\Desktop\RealWorld Cursor Editor.lnk
[2010.12.09 08:51:07 | 006,876,160 | ---- | C] () -- C:\Users\***\Desktop\RWCursorEditor32_2009.1.msi
[2010.12.08 13:45:08 | 000,001,053 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.12.07 22:08:27 | 000,000,968 | ---- | C] () -- C:\Users\***\Desktop\KMPlayer.lnk
[2010.12.06 12:38:51 | 000,108,685 | ---- | C] () -- C:\Users\***\Desktop\ninja.jpg
[2010.12.05 20:49:08 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2010.12.05 20:48:17 | 000,001,553 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2010.12.05 20:46:39 | 000,001,058 | ---- | C] () -- C:\Users\***\Desktop\eViacam.lnk
[2010.12.05 17:51:23 | 000,007,792 | ---- | C] () -- C:\Users\***\Desktop\weihnact.jpg
[2010.12.05 10:19:30 | 000,001,460 | ---- | C] () -- C:\Users\***\Desktop\Advanced PLO Theory Volume 2 v3 printable secured.pdf - Verknüpfung.lnk
[2010.12.04 15:41:01 | 000,020,199 | ---- | C] () -- C:\Users\***\Desktop\since group coaching.JPG
[2010.12.03 13:09:52 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.12.03 09:01:56 | 000,001,142 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician (Beta).lnk
[2010.12.03 09:01:56 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Samsung SSD Magician (Beta).lnk
[2010.12.03 07:07:55 | 000,253,098 | ---- | C] () -- C:\Users\***\Desktop\Ansky on Tilt.mp3
[2010.12.03 06:39:43 | 000,000,643 | ---- | C] () -- C:\Users\***\Desktop\Total Commander.lnk
[2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF
[2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF
[2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF
[2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF
[2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF
[2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF
[2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF
[2010.12.03 06:29:50 | 000,001,918 | ---- | C] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk
[2010.11.30 16:47:59 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2010.11.30 16:47:59 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.11.30 16:47:59 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.11.30 16:47:58 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2010.11.30 16:47:58 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2010.11.30 16:47:58 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2010.11.30 16:47:57 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2010.11.30 16:47:57 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2010.11.30 16:47:57 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2010.11.30 16:47:57 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2010.11.29 21:39:55 | 000,000,936 | ---- | C] () -- C:\Users\***\Desktop\WM Capture.lnk
[2010.11.29 21:24:58 | 000,001,275 | ---- | C] () -- C:\Users\***\Desktop\Direct Stream Recorder.lnk
[2010.11.28 10:13:42 | 000,006,928 | ---- | C] () -- C:\Users\***\Desktop\Der.letzte.Exorzismus.jpg
[2010.11.28 10:11:43 | 000,012,457 | ---- | C] () -- C:\Users\***\Desktop\Takers.jpg
[2010.11.24 08:27:47 | 222,903,195 | ---- | C] () -- C:\Users\***\Desktop\PLO on French Site .wmv
[2010.11.23 11:47:12 | 000,000,215 | ---- | C] () -- C:\Users\***\Desktop\R.U.S.E.url
[2010.11.23 09:07:36 | 000,000,687 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2010.11.21 11:57:01 | 000,000,101 | -H-- | C] () -- C:\Users\***\Documents\.~lock.Time_Template.odt#
[2010.11.20 16:56:46 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\WM Converter.lnk
[2010.11.20 16:56:46 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\WM Recorder 14.lnk
[2010.11.20 16:44:10 | 000,002,637 | ---- | C] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk
[2010.11.20 15:58:42 | 000,003,017 | ---- | C] () -- C:\Users\***\Desktop\TableNinja.lnk
[2010.11.19 18:41:18 | 018,199,736 | ---- | C] () -- C:\Users\***\Desktop\MJH vs WMS.flv
[2010.11.10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2010.11.10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2010.11.10 02:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010.10.25 08:30:43 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2010.10.08 19:13:44 | 000,008,192 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.18 07:40:06 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.06.16 08:17:25 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[2010.06.13 09:38:20 | 000,087,040 | ---- | C] () -- C:\Windows\System32\TrayIcon12.dll
[2010.06.13 09:38:20 | 000,061,952 | ---- | C] () -- C:\Windows\System32\ajnetmask.dll
[2010.06.13 05:48:04 | 000,000,045 | ---- | C] () -- C:\Users\***\AppData\Local\machpro.dat
[2010.06.12 23:20:27 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2010.06.12 23:10:51 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2010.06.12 21:11:28 | 000,067,462 | ---- | C] () -- C:\Program Files\hminstalllog.txt
[2010.06.12 20:05:13 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2010.06.12 17:54:30 | 000,048,896 | ---- | C] () -- C:\Windows\System32\drivers\JmtFltr.sys
[2010.06.12 17:16:44 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.06.12 17:11:41 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.05.07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2000.02.11 08:47:38 | 000,003,120 | ---- | C] () -- C:\Windows\TMN211G.ini
 
========== LOP Check ==========
 
[2010.08.09 08:14:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2010.11.24 08:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics
[2010.12.16 07:51:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS
[2010.06.14 13:35:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2010.09.08 07:34:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.06.12 20:54:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGet
[2010.06.12 20:04:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGetBHO
[2010.10.05 14:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2010.12.03 06:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER
[2010.08.29 20:17:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.12.16 18:05:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEM Data
[2010.06.19 17:23:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn
[2010.06.15 16:18:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\innoPlus
[2010.12.05 20:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.10.05 15:11:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MagicMaps
[2010.10.09 14:48:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mikogo
[2010.06.22 08:06:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.10.10 11:17:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\n52te
[2010.06.15 16:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.08.29 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\postgresql
[2010.11.20 16:45:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Replay Media Catcher 4
[2010.11.29 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sytexis Software
[2010.10.08 19:23:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2010.12.15 09:30:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy
[2010.06.12 20:01:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ThumbGen
[2010.06.12 20:45:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.12.03 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Workrave
[2010.09.20 08:16:30 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010.06.12 18:03:26 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.12.17 07:45:44 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.12 17:16:55 | 000,000,190 | ---- | M] () -- C:\Install.log
[2010.12.17 07:45:45 | 3488,079,872 | -HS- | M] () -- C:\pagefile.sys
[2010.10.08 22:18:57 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2010.06.12 17:15:15 | 000,001,841 | ---- | M] () -- C:\RHDSetup.log
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008.10.09 04:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9D.DLL
[2008.10.09 04:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9D.DLL
[2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009.07.14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2010.02.14 01:52:34 | 000,240,128 | ---- | M] (Realtime Soft Ltd) -- C:\Windows\UltraMon.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2010.06.12 21:11:28 | 000,067,462 | ---- | M] () -- C:\Program Files\hminstalllog.txt
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-17 06:03:04
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 741 bytes -> C:\Users\***\Desktop\765E4C1D-00000052.eml:OECustomProperty
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE
 
< End of report >
--- --- ---


OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 17.12.2010 08:09:07 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Public\Desktop\MFtools
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,24 Gb Total Space | 54,23 Gb Free Space | 45,47% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1337,57 Gb Free Space | 71,80% Space Free | Partition Type: NTFS
Drive Z: | 931,51 Gb Total Space | 518,16 Gb Free Space | 55,63% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{0CA1C412-6716-40E8-B033-006002E7F7EC}" = MagicMaps Support und Update Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician (Beta)
"{2F083216-8203-4E94-8C7C-EDF1C91D037D}" = RealWorld Cursor Editor
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31B5B620-CA8A-4F99-A64E-7DDB3D1BBB69}_is1" = appleJuice Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{41B02081-FE64-4DB9-83F0-F5D15EBF8FF9}" = Replay Media Catcher 4
"{4767E0D4-05E9-4EC2-AD78-7AE1680D602C}" = Snowie Version 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5049FE6D-46A4-4BA4-B9A9-6406AFAAB60D}" = TableNinja
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5B48A8D9-D1AD-4424-BD4D-E462737099DF}" = SportTracks 3.0
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5EF44D3A-E86E-434C-8418-71E277C565DF}" = TP-LINK Wireless Client Utility
"{655B0665-7688-4269-B5B0-EC2D8F62D8B7}" = MagicMaps Tour Explorer Deutschland
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E7C9790-9804-44E9-8B50-34D5F448570B}" = MagicMaps Hessen Rheinland-Pfalz Saarland 3.0
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CF6A157-F0E8-4216-B229-C0CA8204BE2C}_is1" = Copy Handler 1.32Final
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5049F43-18B8-4984-9B98-FE701B0D2526}" = Camtasia Studio 5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus
"{BF2FC5F6-EC88-4CA5-BD83-DC6613FD077D}_is1" = Enable Viacam 1.4
"{C1DEC47C-0C5A-499F-B5A8-7CB516CB2B48}" = TableNinjaFT
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 2.2.1.0)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avira AntiVir Desktop" = Avira Premium Security Suite
"Bestpoker Classic_is1" = Bestpoker Classic
"Camtasia Studio 3" = Camtasia Studio 3
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"EasyTune5Pro" = EasyTune5Pro
"ERUNT_is1" = ERUNT 1.1j
"FlashGet 3.3" = FlashGet 3.3
"HD Tune_is1" = HD Tune 2.55
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"HoldemManager" = Holdem Manager
"ImgBurn" = ImgBurn
"Linksys Wireless Manager" = Linksys Wireless Manager
"Logitech Vid" = Logitech Vid HD
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaInfo" = MediaInfo 0.7.35
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mikogo" = Mikogo
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"mp3splt-gtk" = mp3splt-gtk
"Mp3tag" = Mp3tag v2.46a
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Party EzCASH Card Mod - Yellow Spades Modern Party Layout" = Party EzCASH Card Mod - Yellow Spades Modern Party Layout
"Party EzCASH Registered" = Party EzCASH Registered
"PartyPoker" = PartyPoker
"PokerStars" = PokerStars
"Revo Uninstaller" = Revo Uninstaller 1.88
"StarCraft II" = StarCraft II
"Steam App 21970" = R.U.S.E
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"TeamViewer 5" = TeamViewer 5
"The KMPlayer" = The KMPlayer (remove only)
"Totalcmd" = Total Commander (Remove or Repair)
"Trackbuster" = Trackbuster GUI
"TrueMoneyGames" = TrueMoneyGames 6.3
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.1.0
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WM Capture" = WM Capture
"WM Recorder" = WM Recorder
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FreePHG V3.05" = FreePHG V3.05
"FreePHG V3.06" = FreePHG V3.06
"HHLoader" = HHLoader
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
--- --- ---
Alt 17.12.2010, 10:30   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Alle Programme starten sehr langsam - Logs anbei - Standard

Alle Programme starten sehr langsam - Logs anbei


Hallo und

Zitat:
Art des Suchlaufs: Quick-Scan
Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!
__________________

__________________
Alt 17.12.2010, 12:57   #3
wahnfried
 
Alle Programme starten sehr langsam - Logs anbei - Standard

Alle Programme starten sehr langsam - Logs anbei


Inzwischen habe ich AVIRA deinstalliert und neu drauf gemacht.
Das hat das Problem erstmal behoben.
Vielleicht kann ja trotzdem mal jemand über die Logs schauen...

Zitat:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5342

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

17.12.2010 12:52:09
mbam-log-2010-12-17 (12-52-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Z:\|)
Durchsuchte Objekte: 460057
Laufzeit: 35 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\Desktop\small apps\mailpassview\mailpv.exe (PUP.MailPassView) -> Not selected for removal.
c:\Windows\System32\secushr.dat (Malware.Trace) -> Quarantined and deleted successfully.
__________________
Alt 17.12.2010, 14:27   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Alle Programme starten sehr langsam - Logs anbei - Standard

Alle Programme starten sehr langsam - Logs anbei


Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 18.12.2010, 10:47   #5
wahnfried
 
Alle Programme starten sehr langsam - Logs anbei - Standard

Alle Programme starten sehr langsam - Logs anbei


nachdem ich cofi gestern abend gestartet habe, war die Meldung "Versuche, einen neuen Systemwiederherstellungspunkt zu erstellen" die letzte Stunde bevor ich ins Bett bin zu lesen.
Vorhin wache ich auf, der Bidschirm ist schwarz, man sieht nur den Cursor, der lässt sich aber nicht bewegen...
Jetzt einfach Knopf drücken und Neustart?


Alt 18.12.2010, 14:51   #6
wahnfried
 
Alle Programme starten sehr langsam - Logs anbei - Standard

Alle Programme starten sehr langsam - Logs anbei


OK, hab halt einfach mal neu gestartet.
Scheint alles zu laufen.

Aber C:\ComboFix.txt kann ich leider nicht finden...

Alt 19.12.2010, 15:40   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Alle Programme starten sehr langsam - Logs anbei - Standard

Alle Programme starten sehr langsam - Logs anbei


Führ CF bitte nochmal aus.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Alle Programme starten sehr langsam - Logs anbei
alle programme, alternate, ammyy, antivir, avgntflt.sys, bho, canon, corp./icp, cursor, defender, desktop, error, firefox, firefox.exe, flash player, fontcache, install.exe, langs, langsam, location, logfile, mozilla, mozilla thunderbird, mp3, ntdll.dll, nvlddmkm.sys, nvstor.sys, oldtimer, plug-in, programdata, programm, programme starten sehr langsam, realtek, registry, remote control, remote software, required, revo uninstaller, rundll, safer networking, saver, searchplugins, security, sehr langsam, sekunden, shell32.dll, software, start menu, starten, studio, super, system, system restore, tcp, udp, vlc media player, webcheck, windows


« Internet Explorer öffnet sich ungewollt und zeigt Werbung | fehlercode 80072EFE: und andere probleme »


Ähnliche Themen: Alle Programme starten sehr langsam - Logs anbei


  1. Nach Download läuft alles sehr sehr langsam, Internet funktioniert nicht, Programme lassen sich nicht deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 02.09.2015 (3)
  2. Laptop läd Programme sehr langsam, Programme-Fehlermeldung (keine Rückmeldung) & im Chrome Seiten laden nicht
    Plagegeister aller Art und deren Bekämpfung - 06.10.2014 (5)
  3. Windows 7 und Programme starten langsam
    Plagegeister aller Art und deren Bekämpfung - 21.02.2014 (13)
  4. Programme starten sehr langsam / Windows allg. sehr lahm
    Log-Analyse und Auswertung - 18.05.2013 (2)
  5. alle programme werden bei ausführung *.Ink datein und lassen sich nicht starten
    Log-Analyse und Auswertung - 14.03.2013 (4)
  6. Laptop sehr langsam / sehr wahrscheinlich verseucht / Anti Viren Programme updaten nicht mehr
    Log-Analyse und Auswertung - 05.02.2013 (9)
  7. Programme starten extrem langsam!
    Log-Analyse und Auswertung - 03.02.2013 (7)
  8. browser starten sehr langsam
    Plagegeister aller Art und deren Bekämpfung - 09.01.2013 (24)
  9. PC sehr langsam und Programme öffnen sich sehr langsam...
    Log-Analyse und Auswertung - 01.05.2012 (5)
  10. Programme starten langsam/verzögert
    Log-Analyse und Auswertung - 14.03.2011 (15)
  11. IE & FF sehr langsam und Windows bootet nicht alle Programme
    Plagegeister aller Art und deren Bekämpfung - 21.11.2009 (0)
  12. PC ist sehr langsam; Programme laden langsam
    Log-Analyse und Auswertung - 12.12.2008 (2)
  13. Nicht immer starten alle Programme...
    Plagegeister aller Art und deren Bekämpfung - 12.11.2007 (1)
  14. PC sehr langsam beim starten
    Log-Analyse und Auswertung - 29.09.2007 (4)
  15. Programme starten langsam - Log-Files
    Log-Analyse und Auswertung - 30.09.2006 (1)
  16. Virus lässt mich nicht mehr alle Programme starten (antivir) und highjackthis protoko
    Log-Analyse und Auswertung - 10.09.2006 (8)
  17. Programme starten langsam + Win32/Efewe
    Log-Analyse und Auswertung - 22.05.2006 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Alle Programme starten sehr langsam - Logs anbei - Windows 7 32bit Seit gestern lahmt mein System extrem. Jedes noch so kleine Programm dauert nach dem Doppelklick einige Sekunden, bis es sich öffnet. Danach dauert es erneut einige Sekunden, - Alle Programme starten sehr langsam - Logs anbei...
Archiv
Du betrachtest: Alle Programme starten sehr langsam - Logs anbei auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129