Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Computer bootet und führt Programme langsam aus (evtl. Virus?)

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 11.02.2012, 02:58   #1
Mark31
 
Computer bootet und führt Programme langsam aus (evtl. Virus?) - Unglücklich

Computer bootet und führt Programme langsam aus (evtl. Virus?)



Hallo mein Computer bootet langsam und startet Programme sehr langsam.
Habe mal mit OTL gescannt vielleicht erkennt jemand was verdächtiges.
Schonmal THX für die Hilfe im vorraus

Code:
ATTFilter
OTL logfile created on: 11.02.2012 03:09:44 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\fly
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 40,37% Memory free
8,00 Gb Paging File | 5,64 Gb Available in Paging File | 70,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 245,59 Gb Free Space | 52,74% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 446,18 Gb Free Space | 47,90% Space Free | Partition Type: NTFS
 
Computer Name: DUDDILS-PC | User Name: Duddils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.11 02:59:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- D:\fly\OTL.exe
PRC - [2012.02.09 11:58:18 | 000,222,528 | ---- | M] (TuneUp Software) -- C:\Program Files (x86)\TuneUp Utilities 2012\UninstallManager.exe
PRC - [2012.02.03 19:06:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.31 21:41:52 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.01.23 15:46:25 | 000,399,512 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2011.08.18 23:00:00 | 002,068,832 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccsvchst.exe
PRC - [2011.01.27 14:31:36 | 000,556,072 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2010.10.22 01:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
PRC - [2009.12.16 21:39:36 | 000,196,608 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Valo Keyboard\ValoMonitor.EXE
PRC - [2009.06.24 22:30:02 | 000,061,440 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Valo Keyboard\ValoOSD.exe
PRC - [2009.03.28 09:50:04 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Valo Keyboard\Applets\ValoLCDClock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.09 11:43:12 | 013,416,256 | ---- | M] () -- C:\Program Files (x86)\TuneUp Utilities 2012\libcef.dll
MOD - [2012.01.31 21:41:52 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.01.23 15:46:26 | 002,123,928 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012.01.23 15:46:26 | 000,161,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldap32v60.dll
MOD - [2012.01.23 15:46:26 | 000,021,144 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\nsldappr32v60.dll
MOD - [2012.01.08 17:31:02 | 000,079,872 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko10.dll
MOD - [2011.11.25 12:59:11 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011.08.18 23:00:00 | 000,193,024 | ---- | M] () -- C:\Program Files (x86)\Trillian\libspeex.dll
MOD - [2011.08.18 23:00:00 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\Trillian\libungif.dll
MOD - [2011.08.18 23:00:00 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Trillian\zlib1.dll
MOD - [2011.05.04 03:51:59 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
MOD - [2010.06.22 13:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
MOD - [2010.05.25 10:12:14 | 000,010,240 | ---- | M] () -- c:\users\duddils\appdata\roaming\trillian\languages\de\buddy.dll
MOD - [2010.05.25 10:12:14 | 000,007,680 | ---- | M] () -- c:\users\duddils\appdata\roaming\trillian\languages\de\talk.dll
MOD - [2010.05.25 10:12:14 | 000,007,168 | ---- | M] () -- c:\users\duddils\appdata\roaming\trillian\languages\de\events.dll
MOD - [2010.05.25 10:12:14 | 000,006,144 | ---- | M] () -- c:\users\duddils\appdata\roaming\trillian\languages\de\trillian.dll
MOD - [2010.05.25 10:12:14 | 000,002,048 | ---- | M] () -- c:\users\duddils\appdata\roaming\trillian\languages\de\toolkit.dll
MOD - [2009.03.28 09:50:04 | 000,114,688 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Valo Keyboard\Applets\ValoLCDClock.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.02.09 11:59:08 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2011.12.06 04:11:56 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.12.05 22:15:08 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011.11.12 04:50:40 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV:64bit: - [2010.12.13 14:37:16 | 000,194,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2007.02.08 04:53:20 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcjcoms.exe -- (lxcj_device)
SRV - [2012.02.09 11:59:08 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.02.03 19:06:13 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.24 22:33:52 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.01 13:44:54 | 002,337,144 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.04.17 01:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ccSvcHst.exe -- (N360)
SRV - [2011.04.05 00:28:00 | 004,004,328 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2011.01.18 23:11:51 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.10.22 01:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.23 13:38:18 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.01 16:57:50 | 000,077,032 | ---- | M] (Entriq, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe -- (Prosieben)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007.02.08 04:52:50 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcjcoms.exe -- (lxcj_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.17 10:33:24 | 002,782,848 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kinonivd.sys -- (kinonivd)
DRV:64bit: - [2011.12.17 10:33:18 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\kinonivad.sys -- (KINONI_Wave)
DRV:64bit: - [2011.12.06 04:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.12.06 04:45:40 | 010,720,256 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.12.06 03:12:14 | 000,327,168 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.12.02 18:38:08 | 000,239,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2011.11.12 04:50:34 | 002,182,768 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.11.01 10:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.11.01 10:07:24 | 000,171,008 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys -- (nmwcdnsux64)
DRV:64bit: - [2011.11.01 10:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.11.01 10:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.11.01 10:07:24 | 000,012,800 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys -- (nmwcdnsucx64)
DRV:64bit: - [2011.07.06 11:44:00 | 000,034,288 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.06.23 07:43:04 | 001,071,032 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\wcmvcam64.sys -- (WCMVCAM)
DRV:64bit: - [2011.05.11 16:09:39 | 000,174,200 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011.04.21 02:37:49 | 000,386,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symnets.sys -- (SymNetS)
DRV:64bit: - [2011.03.31 04:04:12 | 000,043,640 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2011.03.31 04:00:09 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2011.03.31 04:00:09 | 000,040,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2011.03.15 03:31:23 | 000,912,504 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symefa64.sys -- (SymEFA)
DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.23 01:57:49 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.01.27 07:47:10 | 000,450,680 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\symds64.sys -- (SymDS)
DRV:64bit: - [2010.12.13 14:37:18 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.11.16 02:45:33 | 000,171,128 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010.10.22 02:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.22 01:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.06.01 16:28:10 | 000,769,024 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\arusb_win7x.sys -- (arusb_win7x)
DRV:64bit: - [2010.03.04 17:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.02.25 15:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.09.24 12:38:48 | 000,027,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2009.09.24 04:40:14 | 000,023,304 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2009.08.26 10:16:52 | 000,030,344 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2009.08.21 01:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.16 11:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009.07.14 01:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
DRV:64bit: - [2009.06.10 21:36:04 | 000,694,272 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fxusbase.sys -- (FXUSBASE)
DRV:64bit: - [2009.06.10 21:36:02 | 000,079,872 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avmcowan.sys -- (AVMCOWAN)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.23 00:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009.04.10 20:58:52 | 000,014,720 | ---- | M] (ROCCAT Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ValoFltr.sys -- (ValFltr)
DRV:64bit: - [2009.03.18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.12.11 14:56:54 | 000,015,488 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Kone.sys -- (KoneFltr)
DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.08.14 14:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV - [2012.02.09 11:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.02.04 09:25:41 | 000,482,936 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011.12.16 00:33:20 | 000,488,568 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120209.002\IDSviA64.sys -- (IDSVia64)
DRV - [2011.12.01 03:25:03 | 001,157,240 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20120207.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2011.08.04 09:34:15 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120210.003\EX64.SYS -- (NAVEX15)
DRV - [2011.08.04 09:34:15 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120210.003\ENG64.SYS -- (NAVENG)
DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV - [2011.06.24 06:31:02 | 000,055,424 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.0)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.02 04:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - SOFTWARE\Classes\CLSID\{fc01c2be-850b-4115-9b6b-9a427ddecc34}\InprocServer32 File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.icq.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15430
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Plasmoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com/?l=dis&o=15430"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.4.0024
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}:5.0.21
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CLM&o=15427&locale=de_DE&apn_uid=83fa0279-d92c-45f8-bc7b-941d7fc33064&apn_ptnrs=LE&apn_sauid=9594239D-AF0E-4A88-AF9B-B948B34B1BEB&apn_dtid=YYYYYYYYDE&&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2012.02.10 15:53:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_5_2 [2012.02.10 21:04:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.01.16 16:59:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.31 21:41:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.10 16:50:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.10.29 19:51:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_7.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_7.0 [2012.01.16 16:59:05 | 000,000,000 | ---D | M]
 
[2011.05.12 05:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Duddils\AppData\Roaming\mozilla\Extensions
[2011.05.12 05:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Duddils\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.02.10 19:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Duddils\AppData\Roaming\mozilla\Firefox\Profiles\mv1kkk8v.default\extensions
[2012.01.30 19:08:08 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Duddils\AppData\Roaming\mozilla\Firefox\Profiles\mv1kkk8v.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.05.21 02:08:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Duddils\AppData\Roaming\mozilla\Firefox\Profiles\mv1kkk8v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.12.25 18:45:51 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Duddils\AppData\Roaming\mozilla\Firefox\Profiles\mv1kkk8v.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.01.09 18:52:11 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Duddils\AppData\Roaming\mozilla\Firefox\Profiles\mv1kkk8v.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.05.17 17:57:29 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Duddils\AppData\Roaming\mozilla\Firefox\Profiles\mv1kkk8v.default\extensions\battlefieldplay4free@ea.com
[2011.05.21 01:48:08 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\Duddils\AppData\Roaming\mozilla\Firefox\Profiles\mv1kkk8v.default\extensions\engine@plasmoo.com
[2012.02.10 20:15:40 | 000,000,000 | ---D | M] ("Ask Toolbar") -- C:\Users\Duddils\AppData\Roaming\mozilla\Firefox\Profiles\mv1kkk8v.default\extensions\toolbar@ask.com
[2012.02.10 20:15:41 | 000,002,400 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\searchplugins\askcom.xml
[2012.02.10 23:10:32 | 000,000,950 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\searchplugins\icqplugin-2.xml
[2011.09.01 03:06:06 | 000,000,950 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\searchplugins\icqplugin-3.xml
[2011.09.07 14:22:46 | 000,000,950 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\searchplugins\icqplugin-4.xml
[2011.09.27 22:06:41 | 000,000,950 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\searchplugins\icqplugin-5.xml
[2011.10.06 18:55:26 | 000,000,950 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\searchplugins\icqplugin-6.xml
[2011.11.13 01:03:30 | 000,000,950 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\searchplugins\icqplugin-7.xml
[2012.01.09 18:52:18 | 000,000,950 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\searchplugins\icqplugin-8.xml
[2012.01.31 21:43:52 | 000,000,950 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\searchplugins\icqplugin-9.xml
[2011.06.18 18:35:39 | 000,001,056 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\searchplugins\icqplugin.xml
[2011.04.28 18:42:58 | 000,001,975 | ---- | M] () -- C:\Users\Duddils\AppData\Roaming\Mozilla\Firefox\Profiles\mv1kkk8v.default\searchplugins\plasmoo.xml
[2011.11.13 01:03:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.10 21:04:09 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\COFFPLGN_2011_7_5_2
[2012.02.10 15:53:10 | 000,000,000 | ---D | M] (Symantec Intrusion Prevention) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPLGN
() (No name found) -- C:\USERS\DUDDILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV1KKK8V.DEFAULT\EXTENSIONS\{1FC895A6-2042-46EC-A61B-233165B4C218}.XPI
() (No name found) -- C:\USERS\DUDDILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV1KKK8V.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\DUDDILS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\MV1KKK8V.DEFAULT\EXTENSIONS\YOUTUBE2MP3@MONDAYX.DE.XPI
[2012.01.31 21:41:52 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.17 00:03:36 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.09.27 22:04:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.27 22:04:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.27 22:04:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.12 21:14:50 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.09.27 22:04:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.09.27 22:04:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.27 22:04:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\5.2.0.13\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\WLanGUI.exe (AVM Berlin)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [RoccatValo] C:\Program Files (x86)\ROCCAT\Valo Keyboard\ValoMonitor.EXE (ROCCAT)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Duddils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Duddils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Duddils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Duddils\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab (Java Plug-in 1.5.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A3EA245-57B5-4AA0-8988-6800C47DB16B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B684E396-EB81-4CF9-AB13-E2B1D1DE59BA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BD7E13C5-9ECC-4DA0-9911-9B0BEA1DD32B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\browserplusprefs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\browserplusuninstaller.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\dctrayapp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\yahoomessenger.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\browserplusprefs.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\browserplusuninstaller.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dctrayapp.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\teamviewer.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\yahoomessenger.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{12a0ec8f-8208-11e0-91f0-001f3f08c770}\Shell - "" = AutoRun
O33 - MountPoints2\{12a0ec8f-8208-11e0-91f0-001f3f08c770}\Shell\AutoRun\command - "" = K:\pushinst.exe
O33 - MountPoints2\{347ea086-234b-11e0-9cb2-90e6ba566660}\Shell - "" = AutoRun
O33 - MountPoints2\{347ea086-234b-11e0-9cb2-90e6ba566660}\Shell\AutoRun\command - "" = K:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (Partizan)
O34 - HKLM BootExecute: (ootExecute settings...)
O34 - HKLM BootExecute: (ount)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{4F8F1C61-3CC8-4B4B-80F6-F57D9F5DDDA7} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe - (GamersFirst)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BtTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: EADM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: XboxStat - hkey= - key= - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.11 01:42:01 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Roaming\f-secure
[2012.02.11 01:41:38 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2012.02.10 23:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.10 23:16:08 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012.02.10 23:10:16 | 000,000,000 | ---D | C] -- C:\Windows\RestoreSafeDeleted
[2012.02.10 23:04:22 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2012.02.10 23:04:22 | 000,035,816 | ---- | C] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2012.02.10 23:04:06 | 000,000,000 | ---D | C] -- C:\Users\Duddils\Documents\RegRun2
[2012.02.10 23:04:03 | 000,012,800 | ---- | C] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2012.02.10 23:04:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
[2012.02.10 23:04:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\regruninfo
[2012.02.10 23:04:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2012.02.10 21:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegHunter
[2012.02.10 21:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.02.10 20:45:26 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.10 20:45:25 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.10 20:44:51 | 000,000,000 | -H-D | C] -- C:\Windows\Icons
[2012.02.10 19:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com
[2012.02.10 19:36:20 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Roaming\WebcamMax
[2012.02.10 18:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Drivers For Free
[2012.02.10 18:56:21 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Local\Drivers_For_Free
[2012.02.10 18:55:16 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2012.02.10 18:55:11 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Roaming\Drivers For Free
[2012.02.10 18:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2012.02.10 18:30:33 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acer
[2012.02.10 18:30:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acer
[2012.02.10 17:35:23 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.10 17:35:22 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.02.10 17:35:22 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.10 17:35:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.02.10 17:34:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.02.10 17:33:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.02.10 16:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.02.10 16:49:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.02.10 16:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.02.10 12:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
[2012.02.10 12:45:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft LifeCam
[2012.02.10 12:45:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft LifeCam
[2012.02.08 09:13:09 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Local\{1587E3EE-68E7-4F0B-9913-37D08E9E25EC}
[2012.02.08 09:12:57 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Local\{B1CE7700-CEC7-4D90-BA3A-8A7D957B222B}
[2012.02.05 13:00:49 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.02.05 13:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.02.05 13:00:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.02.05 12:54:52 | 000,000,000 | ---D | C] -- C:\AMD
[2012.01.22 16:55:47 | 000,114,688 | ---- | C] (Warelex LLC) -- C:\Windows\SysWow64\BTCamVideoSource.dll
[2012.01.22 13:18:23 | 000,000,000 | ---D | C] -- C:\Users\Duddils\Documents\Mobiola Video Files
[2012.01.22 13:18:23 | 000,000,000 | ---D | C] -- C:\Users\Duddils\Documents\Mobiola Image Files
[2012.01.22 13:18:23 | 000,000,000 | ---D | C] -- C:\Users\Duddils\Documents\Mobiola Audio Files
[2012.01.22 13:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobiola Web Camera for S60
[2012.01.22 13:02:04 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2012.01.22 13:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2012.01.17 11:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SonicFocus
[2012.01.17 11:12:31 | 002,915,440 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIAPropPageExt.dll
[2012.01.17 11:12:31 | 002,182,768 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\drivers\viahduaa.sys
[2012.01.17 11:12:31 | 001,161,328 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaKaraokeApo.dll
[2012.01.17 11:12:31 | 000,675,952 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\VIASysFx.dll
[2012.01.17 11:12:31 | 000,202,864 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViaMicArrayAPO.dll
[2012.01.17 11:12:31 | 000,116,848 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaKaraokePropPageExt.dll
[2012.01.17 11:12:31 | 000,091,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\Dts2PropPageExt.dll
[2012.01.17 11:12:31 | 000,090,224 | ---- | C] (VIA Technologies,Inc.) -- C:\Windows\SysNative\ViaMicArrayPropPageExt.dll
[2012.01.17 11:12:31 | 000,027,760 | ---- | C] (VIA Technologies, Inc.) -- C:\Windows\SysNative\ViakaraokeSrv.exe
[2012.01.17 11:10:31 | 003,746,408 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkHDM64.dll
[2012.01.17 11:10:31 | 002,526,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RHDMEx64.dll
[2012.01.17 11:10:31 | 000,239,208 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys
[2012.01.17 11:07:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2012.01.17 11:06:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2012.01.17 10:46:54 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Roaming\Nokia Suite
[2012.01.17 10:42:14 | 000,000,000 | ---D | C] -- C:\Users\Duddils\Documents\Nokia Suite
[2012.01.17 09:13:54 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Local\NokiaAccount
[2012.01.16 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Roaming\Nokia
[2012.01.16 16:59:50 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Local\Nokia
[2012.01.16 16:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012.01.16 16:59:45 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Roaming\PC Suite
[2012.01.16 16:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia
[2012.01.16 16:59:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2012.01.16 16:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia
[2012.01.16 16:58:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2012.01.16 16:58:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2012.01.16 16:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012.01.16 16:15:27 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Local\{9FF249FC-5DAE-4302-B1E8-2A8EBD77FEF0}
[2012.01.16 16:15:16 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Local\{A939C7B0-FDC9-4DAF-A613-CE56573A0EEA}
[2012.01.16 03:50:54 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Local\{470961E4-F3E6-4646-AA79-624E7165744E}
[2012.01.16 03:50:39 | 000,000,000 | ---D | C] -- C:\Users\Duddils\AppData\Local\{3FFECAF2-447E-41AF-9C30-7DB6FF1909FA}
[2012.01.14 11:47:43 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.01.14 11:47:43 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.01.14 11:47:42 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.01.14 11:47:42 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.01.14 11:47:42 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.14 11:47:42 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.01.14 11:47:38 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.14 11:47:38 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.14 11:47:38 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.14 11:47:38 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.14 11:47:36 | 001,739,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.14 11:47:34 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.14 11:47:34 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2011.05.13 12:33:27 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjserv.dll
[2011.05.13 12:33:27 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjusb1.dll
[2011.05.13 12:33:27 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjhbn3.dll
[2011.05.13 12:33:27 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjpmui.dll
[2011.05.13 12:33:27 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjlmpm.dll
[2011.05.13 12:33:27 | 000,537,520 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcoms.exe
[2011.05.13 12:33:27 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjinpa.dll
[2011.05.13 12:33:27 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjiesc.dll
[2011.05.13 12:33:27 | 000,385,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjih.exe
[2011.05.13 12:33:27 | 000,181,168 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjppls.exe
[2011.05.13 12:33:27 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjprox.dll
[2011.05.13 12:33:27 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjpplc.dll
[2011.05.13 12:33:26 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcomc.dll
[2011.05.13 12:33:26 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcomm.dll
[2011.05.13 12:33:26 | 000,381,872 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcjcfg.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.11 02:11:47 | 000,000,512 | ---- | M] () -- C:\Users\Duddils\Desktop\MBR.dat
[2012.02.11 02:10:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 02:10:44 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.11 02:05:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.11 00:05:24 | 000,000,119 | ---- | M] () -- C:\Windows\SysWow64\Partizan.RRI
[2012.02.10 23:16:08 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012.02.10 23:04:22 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\Partizan.exe
[2012.02.10 23:04:22 | 000,035,816 | ---- | M] (Greatis Software) -- C:\Windows\SysWow64\drivers\Partizan.sys
[2012.02.10 23:04:08 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012.02.10 23:04:08 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2012.02.10 23:04:08 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012.02.10 23:04:04 | 000,000,907 | ---- | M] () -- C:\Users\Duddils\Desktop\UnHackMe.lnk
[2012.02.10 21:23:03 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\RegHunter.lnk
[2012.02.10 21:02:43 | 000,003,488 | ---- | M] () -- C:\bootsqm.dat
[2012.02.10 19:35:32 | 001,450,478 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\Cat.DB
[2012.02.10 17:35:18 | 000,002,185 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.02.10 17:35:17 | 000,002,167 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.02.09 11:59:10 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.09 11:59:08 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.09 11:59:08 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.09 11:59:06 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.02.08 23:57:42 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.02.08 23:57:42 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.02.08 23:57:30 | 000,281,880 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.02.03 19:06:13 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.01.28 06:27:32 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\0502000.00D\isolate.ini
[2012.01.25 18:56:43 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.25 18:56:43 | 000,696,832 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.25 18:56:43 | 000,652,150 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.25 18:56:43 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.25 18:56:43 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.23 17:01:14 | 000,012,800 | ---- | M] (Greatis Software, LLC.) -- C:\Windows\SysWow64\drivers\UnHackMeDrv.sys
[2012.01.17 11:18:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.01.17 10:38:07 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.11 02:11:47 | 000,000,512 | ---- | C] () -- C:\Users\Duddils\Desktop\MBR.dat
[2012.02.10 23:16:08 | 000,000,119 | ---- | C] () -- C:\Windows\SysWow64\Partizan.RRI
[2012.02.10 23:04:08 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012.02.10 23:04:08 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2012.02.10 23:04:08 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012.02.10 23:04:04 | 000,000,907 | ---- | C] () -- C:\Users\Duddils\Desktop\UnHackMe.lnk
[2012.02.10 21:23:01 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\RegHunter.lnk
[2012.02.10 21:02:43 | 000,003,488 | ---- | C] () -- C:\bootsqm.dat
[2012.02.10 17:35:17 | 000,002,185 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.02.10 17:35:17 | 000,002,167 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.02.10 17:35:01 | 000,002,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.02.10 16:50:24 | 000,002,471 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.01.17 11:18:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.01.17 11:12:35 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD VDeck.lnk
[2012.01.17 10:38:07 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2011.12.18 15:14:34 | 000,204,960 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.12.18 15:14:34 | 000,157,152 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.18 15:14:33 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.12.05 22:04:00 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.12.05 22:03:52 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.10.13 21:29:40 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011.08.26 09:39:21 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.05.13 12:33:27 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcjcomx.dll
[2011.05.13 12:33:27 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcjinst.dll
[2011.05.13 06:52:46 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.05.13 06:52:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.13 04:52:38 | 000,197,728 | ---- | C] () -- C:\Windows\WinVd32.sys
[2011.05.13 04:52:37 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\WinFLsrv.exe
[2011.05.12 05:35:40 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.05.12 05:09:49 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\LckFldService.exe
[2011.05.12 05:09:48 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\fldlckun.exe
[2011.05.09 22:48:55 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2011.05.01 03:06:03 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.29 20:05:29 | 000,007,623 | ---- | C] () -- C:\Users\Duddils\AppData\Local\Resmon.ResmonCfg
[2011.03.01 00:54:05 | 000,000,023 | ---- | C] () -- C:\Windows\SWFDecompiler.INI
[2011.02.15 13:41:01 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2011.02.12 12:21:35 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.12 08:59:50 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.02.12 08:59:50 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.02.12 08:59:03 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2011.02.08 23:38:23 | 000,000,153 | ---- | C] () -- C:\Users\Duddils\AppData\Roaming\default.rss
[2011.02.08 23:38:08 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.02.02 20:21:20 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.01.19 00:03:48 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.01.18 23:11:16 | 000,001,209 | ---- | C] () -- C:\Windows\skSPcfg.ini
[2011.01.18 23:11:16 | 000,000,381 | ---- | C] () -- C:\Windows\skMCcfg.ini
[2011.01.18 23:11:15 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2011.01.18 23:11:15 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2011.01.18 22:25:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011.06.28 20:30:47 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\.minecraft
[2012.01.25 19:02:12 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\AbiSuite
[2011.08.26 09:39:33 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Atari
[2011.02.25 12:16:46 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\BFBC2CC
[2011.10.31 23:15:39 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\DAEMON Tools Lite
[2011.03.29 15:55:14 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\DarksporeData
[2011.06.22 18:16:01 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Day 1 Studios
[2012.02.10 18:55:11 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Drivers For Free
[2011.10.07 13:36:07 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\DVDVideoSoft
[2011.05.21 02:08:29 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.11 01:42:01 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\f-secure
[2012.02.09 19:10:59 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\FileZilla
[2011.07.04 20:09:48 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\go
[2011.08.05 12:19:36 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\ImgBurn
[2011.08.26 09:38:34 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Leadertech
[2011.02.07 04:02:50 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\LolClient
[2011.01.20 00:23:16 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\NewsLeecher
[2012.01.17 10:46:53 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Nokia
[2012.01.17 10:46:54 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Nokia Suite
[2011.10.31 19:28:25 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Origin
[2012.01.17 10:41:35 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\PC Suite
[2011.01.24 05:34:46 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Publish Providers
[2011.02.04 12:30:18 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\ROCCAT
[2011.03.18 17:37:20 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Screaming Bee
[2011.01.24 05:34:42 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Sony
[2011.03.16 01:50:01 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Systemberatung Schommer
[2011.06.24 20:46:48 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\TeamViewer
[2011.05.12 05:35:40 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Thunderbird
[2011.05.13 02:54:11 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Tific
[2011.02.09 02:01:20 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Trillian
[2012.01.09 20:38:30 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\TS3Client
[2012.02.10 20:39:55 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\TuneUp Software
[2011.09.09 23:59:26 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Tunngle
[2011.05.30 02:21:33 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\Utherverse
[2011.05.20 22:39:45 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\wargaming.net
[2012.02.10 19:36:20 | 000,000,000 | ---D | M] -- C:\Users\Duddils\AppData\Roaming\WebcamMax
[2012.01.16 07:31:42 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.05.13 03:49:41 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.06.18 01:39:50 | 000,000,000 | ---D | M] -- C:\A320_III_M2_LIM
[2012.02.05 12:54:52 | 000,000,000 | ---D | M] -- C:\AMD
[2011.01.19 22:15:32 | 000,000,000 | ---D | M] -- C:\ATI
[2011.01.18 22:35:07 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.05.05 01:59:32 | 000,000,000 | ---D | M] -- C:\Download
[2011.05.13 12:32:53 | 000,000,000 | ---D | M] -- C:\drivers
[2011.03.06 19:15:30 | 000,000,000 | ---D | M] -- C:\Fraps
[2011.05.20 19:37:57 | 000,000,000 | ---D | M] -- C:\Games
[2011.05.04 21:48:33 | 000,000,000 | ---D | M] -- C:\HanTemp
[2011.05.03 18:02:30 | 000,000,000 | ---D | M] -- C:\ijji
[2011.05.12 03:00:47 | 000,000,000 | ---D | M] -- C:\Nexon
[2011.01.19 22:22:27 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.10 21:23:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.10 23:47:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.02.11 01:41:38 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.01.18 22:35:07 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.01.18 22:35:07 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.02.15 06:37:33 | 000,000,000 | ---D | M] -- C:\Riot Games
[2011.03.27 06:54:53 | 000,000,000 | ---D | M] -- C:\Streaming
[2012.02.11 03:12:08 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.09 13:10:37 | 000,000,000 | R--D | M] -- C:\Users
[2012.02.10 23:10:16 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2009.06.02 23:05:03 | 002,607,616 | ---- | M] (Microsoft Corporation) MD5=33C215661503CC215326F36B69B379B7 -- C:\Users\Duddils\Desktop\-=BHBY=-\Neuer Ordner (2)\Tools, zugänge, usw.{21EC2020-3AEA-1069-A2DD-08002B30309D}\Windows 8\Windows\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2012.02.11 03:18:41 | 003,670,016 | ---- | M] () -- C:\Users\Duddils\NTUSER.DAT
[2012.02.11 03:18:40 | 000,262,144 | -HS- | M] () -- C:\Users\Duddils\ntuser.dat.LOG1
[2011.01.18 22:38:08 | 000,000,000 | -HS- | M] () -- C:\Users\Duddils\ntuser.dat.LOG2
[2011.01.18 22:41:29 | 000,065,536 | -HS- | M] () -- C:\Users\Duddils\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.01.18 22:41:29 | 000,524,288 | -HS- | M] () -- C:\Users\Duddils\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.01.18 22:41:29 | 000,524,288 | -HS- | M] () -- C:\Users\Duddils\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2011.01.18 22:38:09 | 000,000,020 | -HS- | M] () -- C:\Users\Duddils\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         

Alt 11.02.2012, 03:00   #2
Mark31
 
Computer bootet und führt Programme langsam aus (evtl. Virus?) - Standard

Computer bootet und führt Programme langsam aus (evtl. Virus?)



Hier noch die extra logfile

Code:
ATTFilter
OTL Extras logfile created on: 11.02.2012 03:09:44 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = D:\fly
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,61 Gb Available Physical Memory | 40,37% Memory free
8,00 Gb Paging File | 5,64 Gb Available in Paging File | 70,58% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 245,59 Gb Free Space | 52,74% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 446,18 Gb Free Space | 47,90% Space Free | Partition Type: NTFS
 
Computer Name: DUDDILS-PC | User Name: Duddils | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe" = [String data over 1000 bytes]
"C:\Program Files (x86)\FlashFXP\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5CE7E3F5-9803-4F32-AA89-2D8848A80109}" = Microsoft LifeCam
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7AE5C776-8742-4874-B53B-941190171E6D}" = RegHunter
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{9E3B2120-0BD8-9865-0387-E9BAC2A53AD3}" = ccc-utility64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ABA0A6C3-EDBA-77A1-1179-683FC6BF98E6}" = AMD Problem Report Wizard
"{ABE286AE-C65D-B7DE-C8D1-DF79584169B4}" = AMD Fuel
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{B95653AB-0E7F-204A-3226-17E9F38E6951}" = AMD Drag and Drop Transcoding
"{BE882A12-5A45-3DFF-9FD0-306DE65EB8A5}" = AMD Catalyst Install Manager
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Lexmark 8300 Series" = Lexmark 8300 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D97F8D1-2102-53D2-5633-C992D6086801}" = CCC Help Chinese Traditional
"{0EA00EA7-42C0-ED9C-9110-2C04B8EDBA66}" = CCC Help Italian
"{0EB86B70-91FF-39BF-633C-785DF2218CC6}" = CCC Help French
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{122833F6-D27B-4FF9-9243-D30964E2E7DF}" = Internet Explorer
"{1686C07D-C2BB-A8B2-C5ED-32C4EE1A3E62}" = CCC Help Spanish
"{18B6A9F8-25BC-5978-6B42-A50FA2CABC18}" = CCC Help English
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{298C6691-46B2-2065-0DD7-1E7B3B669A47}" = CCC Help Finnish
"{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3248F0A8-6813-11D6-A77B-00B0D0150210}" = J2SE Runtime Environment 5.0 Update 21
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{400C5445-1AE8-1A41-CAC6-AB114341F65D}" = CCC Help Swedish
"{40719211-D09A-11DF-BA30-0013D3D69929}" = MSVCRT Redists
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{448B1C6D-02C2-7681-66B2-624E58B25375}" = CCC Help Turkish
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{46EB9D45-FC1A-2635-1693-176E6FA1C672}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{651F43AA-3F06-9277-6F1B-8E8155017463}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68DE32E1-292B-6A02-6A53-935BFAE70C99}" = CCC Help Chinese Standard
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
"{74F28F11-404B-4CEA-92FF-37BF476F239E}" = VirtualDJ PRO Full
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{818212BA-7F8C-DDF9-64BE-F6D0B6F46D29}" = CCC Help German
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84F4542C-ED64-28AC-49B3-1A9BAB395AB4}" = CCC Help Hungarian
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C41195F-11B3-8EEC-6634-7183BE6CB1B1}" = CCC Help Japanese
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A33A89D0-2F48-FD1C-A243-9073EE0592E0}" = Catalyst Control Center InstallProxy
"{A66FB6C7-B689-AFD5-21BA-7CAF8E44E6E6}" = Catalyst Control Center Graphics Previews Common
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{abf23872-4081-4cad-96de-47ef3b5a5aa8}" = Nero 9
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AE136F7F-7DC6-600F-9DF9-BFA0DF516135}" = Catalyst Control Center Localization All
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4CF00AE-2622-7BC6-24EC-4E5A0A8C9135}" = CCC Help Czech
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{BAE1C0A8-634D-CFF1-0E0C-893092427D34}" = CCC Help Danish
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C2DEC505-79A9-E952-32B0-31B67B83E231}" = CCC Help Korean
"{C2FB14FB-DF6B-287D-BDC3-C7BEC86F539E}" = AMD VISION Engine Control Center
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CCEFAE22-4D01-0084-D1CA-AC14AA743A97}" = CCC Help Greek
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1BA65A8-0F0E-4ACA-9B4D-2A080C561D35}" = ROCCAT Valo Keyboard Driver
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DE460826-5E72-2357-154F-E376F9926008}" = CCC Help Norwegian
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21FFD29-D231-3BD3-6941-15710E44BED4}" = CCC Help Dutch
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E313C7-0AE2-7F44-52E8-528D4EDC74B2}" = CCC Help Thai
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9929777-7B6E-F53D-3105-1C06E5120CA1}" = CCC Help Russian
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"AbiWord2" = AbiWord 2.9.1
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.00
"Fiesta Online(EU_German)" = Fiesta Online(EU_German) 1.04.000
"FileZilla Client" = FileZilla Client 3.3.5.1
"Fraps" = Fraps (remove only)
"Free Studio_is1" = Free Studio version 5.0.9
"Free Video Dub_is1" = Free Video Dub version 1.8.12.602
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"GamersFirst LIVE!" = GamersFirst LIVE!
"HijackThis" = HijackThis 2.0.2
"Host OpenAL" = Host OpenAL
"ImgBurn" = ImgBurn
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"IsoBuster_is1" = IsoBuster 2.8.5
"jetztspielenob.de Toolbar" = jetztspielenob.de Toolbar
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox 10.0 (x86 de)" = Mozilla Firefox 10.0 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"N360" = Norton 360
"NewsLeecher_is1" = NewsLeecher v4.0 Final
"Nokia Suite" = Nokia Suite
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Steam App 102800" = Darkspore Beta
"Steam App 113400" = APB Reloaded
"Steam App 12890" = Operation Flashpoint: Dragon Rising - Demo
"Steam App 17700" = Insurgency
"Steam App 2130" = Dark Messiah Might and Magic Multi-Player
"Steam App 240" = Counter-Strike: Source
"Steam App 24860" = Battlefield 2
"Steam App 38830" = Crimecraft: BLEEDOUT 
"Steam App 440" = Team Fortress 2
"Steam App 550" = Left 4 Dead 2
"Steam App 55100" = HOMEFRONT
"Steam App 55110" = Red Faction: Armageddon
"Steam App 55410" = Warhammer 40,000: Space Marine Demo
"Steam App 563" = Left 4 Dead 2 Authoring Tools
"Steam App 564" = Left 4 Dead 2 Add-on Support
"Steam App 63200" = Monday Night Combat
"TeamViewer 6" = TeamViewer 6
"Trillian" = Trillian
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"UnHackMe_is1" = UnHackMe 5.99 release
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"Xfire" = Xfire (remove only)
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Software Update" = Yahoo! Software Update
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"FolderLock6" = Folder Lock
"Winamp Detect" = Winamp Anwendungserkennung
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.02.2012 16:47:20 | Computer Name = Duddils-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 03.02.2012 16:58:24 | Computer Name = Duddils-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 03.02.2012 17:14:37 | Computer Name = Duddils-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 03.02.2012 19:21:36 | Computer Name = Duddils-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 04.02.2012 04:39:57 | Computer Name = Duddils-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 04.02.2012 06:05:51 | Computer Name = Duddils-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 04.02.2012 10:30:28 | Computer Name = Duddils-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 04.02.2012 11:13:34 | Computer Name = Duddils-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 05.02.2012 07:58:50 | Computer Name = Duddils-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7600.16385,
 Zeitstempel: 0x4a5bc3e6  Name des fehlerhaften Moduls: MSIE332.tmp, Version: 2.0.0.9,
 Zeitstempel: 0x4d4b089c  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00019d88  ID des fehlerhaften
 Prozesses: 0x40c  Startzeit der fehlerhaften Anwendung: 0x01cce3fd5d0c7bc0  Pfad der
 fehlerhaften Anwendung: C:\Windows\syswow64\MsiExec.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\Installer\MSIE332.tmp  Berichtskennung: c3bc81d0-4ff0-11e1-91ad-bc05430515fd
 
Error - 05.02.2012 07:59:08 | Computer Name = Duddils-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.7600.16385,
 Zeitstempel: 0x4a5bc3e6  Name des fehlerhaften Moduls: MSI2BF9.tmp, Version: 2.0.0.9,
 Zeitstempel: 0x4d4b089c  Ausnahmecode: 0xc000000d  Fehleroffset: 0x00019d88  ID des fehlerhaften
 Prozesses: 0x188  Startzeit der fehlerhaften Anwendung: 0x01cce3fd8eaf8b90  Pfad der
 fehlerhaften Anwendung: C:\Windows\syswow64\MsiExec.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\Installer\MSI2BF9.tmp  Berichtskennung: cec64840-4ff0-11e1-91ad-bc05430515fd
 
[ System Events ]
Error - 10.02.2012 22:13:18 | Computer Name = Duddils-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 10.02.2012 22:13:18 | Computer Name = Duddils-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 10.02.2012 22:13:18 | Computer Name = Duddils-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.
 
Error - 10.02.2012 22:13:18 | Computer Name = Duddils-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 10.02.2012 22:13:18 | Computer Name = Duddils-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 10.02.2012 22:13:18 | Computer Name = Duddils-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 10.02.2012 22:14:48 | Computer Name = Duddils-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.
 
Error - 10.02.2012 22:14:48 | Computer Name = Duddils-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 10.02.2012 22:14:48 | Computer Name = Duddils-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.
 
Error - 10.02.2012 22:14:48 | Computer Name = Duddils-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
 
< End of report >
         
__________________


Alt 11.02.2012, 10:10   #3
markusg
/// Malware-holic
 
Computer bootet und führt Programme langsam aus (evtl. Virus?) - Standard

Computer bootet und führt Programme langsam aus (evtl. Virus?)



hi, ich sehe hier ein paar fehlermeldungen, die mir nicht gefallen
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "C:" den Befehl "chkdsk" aus.

hast du ne externe festplatte zur hand? ich hätte gern, dass du erst mal alle wichtigen daten sicherst.
__________________
__________________

Alt 12.02.2012, 00:12   #4
Mark31
 
Computer bootet und führt Programme langsam aus (evtl. Virus?) - Standard

Computer bootet und führt Programme langsam aus (evtl. Virus?)



Zitat:
Zitat von markusg Beitrag anzeigen
hi, ich sehe hier ein paar fehlermeldungen, die mir nicht gefallen
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "C:" den Befehl "chkdsk" aus.

hast du ne externe festplatte zur hand? ich hätte gern, dass du erst mal alle wichtigen daten sicherst.
Ja hab ne externe platte hab auch schon alles gesichert und chkdsk habe ich auch schon ausgeführt und auch hab auch TuneUp Disk Doktor laufen lassen haben beide nichts gefunden.
Hab dir mal die log gepostet

Code:
ATTFilter
Protokollname: Application
Quelle:        Chkdsk
Datum:         12.02.2012 01:10:30
Ereignis-ID:   26212
Aufgabenkategorie:Keine
Ebene:         Informationen
Schlüsselwörter:Klassisch
Benutzer:      Nicht zutreffend
Computer:      Duddils-PC
Beschreibung:
Chkdsk wurde im schreibgeschützten Modus für einen Volumesnapshot ausgeführt.  

Dateisystem auf C: wird überprüft.
Der Typ des Dateisystems ist NTFS.

WARNUNG! Der Parameter F wurde nicht angegeben.
CHKDSK wird im schreibgeschützten Modus ausgeführt.

CHKDSK überprüft Dateien (Phase 1 von 3)...
  342784 Datensätze verarbeitet.                                         

Dateiüberprüfung beendet.
  286 große Datensätze verarbeitet.                                   

  0 ungültige Datensätze verarbeitet.                               

  2 E/A-Datensätze verarbeitet.                                     

  190 Analysedatensätze verarbeitet.                                  

CHKDSK überprüft Indizes (Phase 2 von 3)...
  409800 Indexeinträge verarbeitet.                                      

Indexüberprüfung beendet.
  0 nicht indizierte Dateien überprüft.                             

  0 nicht indizierte Dateien wiederhergestellt.                     

CHKDSK überprüft Sicherheitsbeschreibungen (Phase 3 von 3)...
  342784 SDs/SIDs verarbeitet.                                           

7 nicht verwendete Indexeinträge aus Index $SII der Datei 0x9 werden aufgeräumt.
7 nicht verwendete Indexeinträge aus Index $SDH der Datei 0x9 werden aufgeräumt.
7 nicht verwendete Sicherheitsbeschreibungen werden aufgeräumt.
Überprüfung der Sicherheitsbeschreibungen beendet.
  33509 Datendateien verarbeitet.                                       

CHKDSK überprüft USN-Journal...
  34673768 USN-Bytes verarbeitet.                                          

Die Überprüfung von USN-Journal ist abgeschlossen.
Das Dateisystem wurde überprüft. Es wurden keine Probleme festgestellt.

 488282111 KB Speicherplatz auf dem Datenträger insgesamt
 234565000 KB in 275412 Dateien
    115388 KB in 33510 Indizes
         0 KB in fehlerhaften Sektoren
    458343 KB vom System benutzt
     65536 KB von der Protokolldatei belegt
 253143380 KB auf dem Datenträger verfügbar

      4096 Bytes in jeder Zuordnungseinheit
 122070527 Zuordnungseinheiten auf dem Datenträger insgesamt
  63285845 Zuordnungseinheiten auf dem Datenträger verfügbar
         

Geändert von Mark31 (12.02.2012 um 00:37 Uhr)

Alt 12.02.2012, 15:07   #5
markusg
/// Malware-holic
 
Computer bootet und führt Programme langsam aus (evtl. Virus?) - Standard

Computer bootet und führt Programme langsam aus (evtl. Virus?)



downloade:
BerliOS Download - The Open Source Mediator
• GSmartControl starten
• Im Programm doppelt auf die Festplatte(n) klicken
• Registrierkarte Attributes aufrufen
• Mit Save As die Logs der Festplatte(n) abspeichern
log anhängen.

__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 12.02.2012, 19:36   #6
Mark31
 
Computer bootet und führt Programme langsam aus (evtl. Virus?) - Standard

Computer bootet und führt Programme langsam aus (evtl. Virus?)



Jo hab ich gemacht habs als anhang hochgeladen

und hier der log nochmal gepostet

Code:
ATTFilter
smartctl 5.41 2011-06-09 r3365 [i686-w64-mingw32-win7(64)] (sf-win32-5.41-1)
Copyright (C) 2002-11 by Bruce Allen, hxxp://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Model Family:     Western Digital Caviar Blue Serial ATA
Device Model:     WDC WD5000AAKS-07YGA0
Serial Number:    WD-WCAS82235685
LU WWN Device Id: 5 0014ee 200a9dfad
Firmware Version: 12.01C02
User Capacity:    500.107.862.016 bytes [500 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:    Sun Feb 12 20:36:51 2012 MZ
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x84)	Offline data collection activity
					was suspended by an interrupting command from host.
					Auto Offline Data Collection: Enabled.
Self-test execution status:      (   0)	The previous self-test routine completed
					without error or no self-test has ever 
					been run.
Total time to complete Offline 
data collection: 		(12600) seconds.
Offline data collection
capabilities: 			 (0x7b) SMART execute Offline immediate.
					Auto Offline data collection on/off support.
					Suspend Offline collection upon new
					command.
					Offline surface scan supported.
					Self-test supported.
					Conveyance Self-test supported.
					Selective Self-test supported.
SMART capabilities:            (0x0003)	Saves SMART data before entering
					power-saving mode.
					Supports SMART auto save timer.
Error logging capability:        (0x01)	Error logging supported.
					General Purpose Logging supported.
Short self-test routine 
recommended polling time: 	 (   2) minutes.
Extended self-test routine
recommended polling time: 	 ( 147) minutes.
Conveyance self-test routine
recommended polling time: 	 (   5) minutes.
SCT capabilities: 	       (0x303f)	SCT Status supported.
					SCT Error Recovery Control supported.
					SCT Feature Control supported.
					SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   200   200   051    Pre-fail  Always       -       0
  3 Spin_Up_Time            0x0003   174   171   021    Pre-fail  Always       -       6275
  4 Start_Stop_Count        0x0032   099   099   000    Old_age   Always       -       1634
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x000e   200   200   051    Old_age   Always       -       0
  9 Power_On_Hours          0x0032   072   072   000    Old_age   Always       -       20888
 10 Spin_Retry_Count        0x0012   100   100   051    Old_age   Always       -       0
 11 Calibration_Retry_Count 0x0012   100   100   051    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   099   099   000    Old_age   Always       -       1603
192 Power-Off_Retract_Count 0x0032   200   200   000    Old_age   Always       -       282
193 Load_Cycle_Count        0x0032   200   200   000    Old_age   Always       -       1638
194 Temperature_Celsius     0x0022   107   094   000    Old_age   Always       -       43
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0012   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0010   200   200   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x003e   200   200   000    Old_age   Always       -       6
200 Multi_Zone_Error_Rate   0x0008   200   200   051    Old_age   Offline      -       0

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
No self-tests have been logged.  [To run self-tests, use: smartctl -t]


SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
         

Geändert von Mark31 (12.02.2012 um 19:41 Uhr)

Alt 13.02.2012, 13:05   #7
markusg
/// Malware-holic
 
Computer bootet und führt Programme langsam aus (evtl. Virus?) - Standard

Computer bootet und führt Programme langsam aus (evtl. Virus?)



guck mal bitte im pc ob das Datenanschlusskabel (S-ATA ) nicht richtig drinnen steckt? falls doch, könnte es auch kaputt sein.

199 UDMA_CRC_Error_Count 0x003e 200 200 000 Old_age Always - 6
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 13.02.2012, 17:59   #8
Mark31
 
Computer bootet und führt Programme langsam aus (evtl. Virus?) - Standard

Computer bootet und führt Programme langsam aus (evtl. Virus?)



die stecken alle richtig drinn kauf ich mal ein neues morgen

Alt 13.02.2012, 19:27   #9
markusg
/// Malware-holic
 
Computer bootet und führt Programme langsam aus (evtl. Virus?) - Standard

Computer bootet und führt Programme langsam aus (evtl. Virus?)



jo, sollte zu 90 %iger sicherheit daran liegen, laut dem bericht, und das tool ist auch sehr zuverlässig.
und otl hat ja auch fehler mit der platte angezeigt, bzw die windows eventlooks
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Antwort

Themen zu Computer bootet und führt Programme langsam aus (evtl. Virus?)
adobe, bho, bonjour, booten, bootet langsam, computer, computer bootet, converter, enigma, error, explorer, fehler, firefox, format, intrusion prevention, langsam, launch, logfile, mozilla, mozilla thunderbird, mp3, nvstor.sys, object, realtek, registry, required, rootkit, rundll, software, stick, symantec, vdeck.exe, virus, webcheck, windows, windows 8, winlogon.exe



Ähnliche Themen: Computer bootet und führt Programme langsam aus (evtl. Virus?)


  1. Computer langsam, unlöschbare Programme
    Plagegeister aller Art und deren Bekämpfung - 16.10.2015 (13)
  2. Computer bootet -Programme lassen sich nicht Öffn
    Plagegeister aller Art und deren Bekämpfung - 10.03.2015 (5)
  3. Mein Notebook arbeitet sehr sehr langsam evtl. virus?
    Plagegeister aller Art und deren Bekämpfung - 09.02.2015 (13)
  4. PC bootet langsam, bzw. Programme starten langsamer als sonst
    Alles rund um Windows - 26.05.2014 (4)
  5. Windows XP: Computer bootet und arbeitet sehr langsam nach Viren-Befall
    Log-Analyse und Auswertung - 09.03.2014 (32)
  6. Windows 7 64bit: Computer bootet langsam trotz Neuinstallation
    Alles rund um Windows - 06.03.2014 (1)
  7. Vista startet/bootet sehr langsam durch "Virus" PUP.Optional
    Plagegeister aller Art und deren Bekämpfung - 20.10.2013 (28)
  8. Virus oder Trojaner auf dem Computer führt zu Problemen, evtl. Conficker
    Plagegeister aller Art und deren Bekämpfung - 29.11.2012 (25)
  9. Pc ist sehr langsam, evtl. Trojaner, Virus?
    Log-Analyse und Auswertung - 05.10.2012 (3)
  10. Win32-Sality Virus Computer laggt und dreht durch !Schon mehrere Programme benutzt
    Plagegeister aller Art und deren Bekämpfung - 05.04.2012 (5)
  11. PC plötzlich sehr, sehr langsam - evtl. neues update Adobe Flashplayer? kein Virus gefunden...
    Log-Analyse und Auswertung - 05.10.2011 (15)
  12. Dateien verschwinden, Computer langsam, Programme stürzen ständig ab
    Log-Analyse und Auswertung - 01.04.2011 (20)
  13. IE & FF sehr langsam und Windows bootet nicht alle Programme
    Plagegeister aller Art und deren Bekämpfung - 21.11.2009 (0)
  14. XP bootet nicht komplett! evtl. Sasser?
    Alles rund um Windows - 15.02.2009 (0)
  15. Computer führt Eigenleben
    Log-Analyse und Auswertung - 05.08.2008 (1)
  16. evtl Virus? pc langsam
    Log-Analyse und Auswertung - 14.08.2007 (15)
  17. Windows führt Programme nicht aus
    Alles rund um Windows - 11.06.2005 (13)

Zum Thema Computer bootet und führt Programme langsam aus (evtl. Virus?) - Hallo mein Computer bootet langsam und startet Programme sehr langsam. Habe mal mit OTL gescannt vielleicht erkennt jemand was verdächtiges. Schonmal THX für die Hilfe im vorraus Code: Alles auswählen - Computer bootet und führt Programme langsam aus (evtl. Virus?)...
Archiv
Du betrachtest: Computer bootet und führt Programme langsam aus (evtl. Virus?) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.