| |
| |||||||
Log-Analyse und Auswertung: Browsergames ruckeln solange svchost.exe läuftWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
21.06.2010, 15:46
| #1 |
| |  Browsergames ruckeln solange svchost.exe läuft Hallo, ich habe ein problem und zwar solange eine svchost.exe läuft die ca. 130mb ram verbraucht ruckelt die browser games. Kille ich diesen prozess läuft alles normal.... Problem ist der Prozess startet nach kurzer Zeit direkt wieder, deshalb habe ich nen HiJack log angefertigt HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:38:32, on 21.06.2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: F:\Programme\NAV\Engine\17.7.0.12\ccSvcHst.exe E:\Fraps\fraps.exe C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe C:\Windows\SysWOW64\rundll32.exe F:\Programme\WhatPulse\WhatPulse.exe F:\Programme\Acronis True Image\TrueImageMonitor.exe F:\Programme\iTunes\iTunesHelper.exe C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe C:\Windows\SysWOW64\Ctxfihlp.exe F:\Programme\Xfire\Xfire.exe C:\Windows\system\Cm106eye.exe C:\Windows\SysWOW64\CTXFISPI.EXE C:\Program Files (x86)\Windows Media Player\wmplayer.exe E:\Firefox\firefox.exe F:\Programme\Ad-Aware\Ad-Aware.exe F:\Programme\Ad-Aware\AAWTray.exe C:\Users\xxx\AppData\Local\Temp\7zO2B53.tmp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\Programme\NAV\Engine\17.7.0.12\IPSBHO.DLL O4 - HKLM\..\Run: [TrueImageMonitor.exe] F:\Programme\Acronis True Image\TrueImageMonitor.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "F:\Programme\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE O4 - HKCU\..\Run: [WhatPulse] F:\Programme\WhatPulse\WhatPulse.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: Logitech blank Produktregistrierung.lnk = F:\Programme\Logitech\G35\eReg.exe O4 - Startup: Xfire.lnk = F:\Programme\Xfire\Xfire.exe O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll O13 - Gopher Prefix: O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing) O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - F:\Programme\Ad-Aware\AAWService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - F:\Programme\NAV\Engine\17.7.0.12\ccSvcHst.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: O&O CleverCache (O&O CleverCache) - O&O Software GmbH - E:\OO\CleverCache\ooccag.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9193 bytes |
|
21.06.2010, 22:02
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Browsergames ruckeln solange svchost.exe läuft Hallo und
__________________ bitte nen Vollscan mit Malwarebytes machen und Log posten. Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
22.06.2010, 19:19
| #3 |
| | Browsergames ruckeln solange svchost.exe läuftCode:
ATTFilter OTL logfile created on: 22.06.2010 20:11:22 - Run 1 OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\ajenderny\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 65,00% Memory free 16,00 Gb Paging File | 13,00 Gb Available in Paging File | 78,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 117,09 Gb Total Space | 79,20 Gb Free Space | 67,64% Space Free | Partition Type: NTFS Drive D: | 58,59 Gb Total Space | 46,06 Gb Free Space | 78,61% Space Free | Partition Type: NTFS Drive E: | 90,45 Gb Total Space | 84,24 Gb Free Space | 93,13% Space Free | Partition Type: NTFS Drive F: | 224,61 Gb Total Space | 211,65 Gb Free Space | 94,23% Space Free | Partition Type: NTFS Drive G: | 589,73 Gb Total Space | 517,34 Gb Free Space | 87,73% Space Free | Partition Type: NTFS Drive H: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS I: Drive not present or media not loaded Computer Name: WORKSTATION Current User Name: ***** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\ajenderny\Downloads\OTL.exe (OldTimer Tools) PRC - F:\Programme\Ad-Aware\AAWTray.exe (Lavasoft) PRC - F:\Programme\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Windows\SysWOW64\PnkBstrB.exe () PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - F:\Programme\Xfire\Xfire.exe (Xfire Inc.) PRC - D:\Herr der Ringe online\lotroclient.exe (Turbine, Inc.) PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd) PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd) PRC - F:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - E:\Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd) PRC - F:\Programme\NAV\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation) PRC - D:\Herr der Ringe online\TurbineLauncher.exe (Turbine, Inc.) PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - F:\Programme\WhatPulse\WhatPulse.exe (WhatPulse.org) PRC - C:\Windows\system\cm106eye.exe () ========== Modules (SafeList) ========== MOD - C:\Users\ajenderny\Downloads\OTL.exe (OldTimer Tools) MOD - F:\Programme\Xfire\xfire_toucan_42784.dll (Xfire Inc.) MOD - C:\Windows\SysWOW64\wsock32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) MOD - C:\Windows\SysWOW64\msvcr71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- F:\Programme\Ad-Aware\AAWService.exe (Lavasoft) SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe () SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (Boonty Games) -- C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY) SRV - (NAV) -- F:\Programme\NAV\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation) SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (O&O CleverCache) -- E:\OO\CleverCache\ooccag.exe (O&O Software GmbH) SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M] SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof () ========== Driver Services (SafeList) ========== DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\symtdiv.sys (Symantec Corporation) DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd) DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd) DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd) DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd) DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.) DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd) DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd) DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\ironx64.sys (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\symefa64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\srtsp64.sys (Symantec Corporation) DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\srtspx64.sys (Symantec Corporation) DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\cchpx64.sys (Symantec Corporation) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\symds64.sys (Symantec Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Electronics Inc) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech) DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (fxusbase) -- C:\Windows\SysNative\drivers\fxusbase.sys (AVM Berlin) DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100617.005\IDSviA64.sys (Symantec Corporation) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20100522.001\BHDrvx64.sys (Symantec Corporation) DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100622.003\EX64.SYS (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100622.003\ENG64.SYS (Symantec Corporation) DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof () DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 77 09 E5 94 0D CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2 FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1 FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8 FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0 FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.87 FF - prefs.js..extensions.enabledItems: remove-new-tab-button@forerunnerdesigns.com:1.0 FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\IPSFFPlgn\ [2010.05.26 17:00:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Firefox\components [2010.05.12 17:34:34 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Firefox\plugins [2010.06.19 13:07:53 | 000,000,000 | ---D | M] [2009.12.26 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\ajenderny\AppData\Roaming\mozilla\Extensions [2010.06.21 21:14:21 | 000,000,000 | ---D | M] -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions [2010.06.13 10:32:22 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.04.14 16:53:40 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055} [2010.05.18 16:56:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.04.12 23:27:24 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2009.12.26 18:21:14 | 000,000,000 | ---D | M] -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions\remove-new-tab-button@forerunnerdesigns.com O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\Programme\NAV\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis) O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] File not found O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.DLL (C-Media Corporation) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [ooccctrl.exe] E:\OO\CleverCache\ooccctrl.exe (O&O Software GmbH) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd) O4 - HKCU..\Run: [WhatPulse] F:\Programme\WhatPulse\WhatPulse.exe (WhatPulse.org) O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] F:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\ajenderny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = F:\Programme\Xfire\Xfire.exe (Xfire Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - H:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - H:\Autorun -- [ CDFS ] O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - H:\Autorun.ico -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - H:\autorun.dat -- [ CDFS ] O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - H:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{705b0190-f21c-11de-8e31-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{705b0190-f21c-11de-8e31-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.06.22 19:54:46 | 000,000,000 | ---D | C] -- C:\Users\ajenderny\AppData\Roaming\Malwarebytes [2010.06.22 19:54:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.06.22 19:54:33 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010.06.22 19:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.22 19:38:15 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.06.22 19:38:14 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.06.22 19:36:45 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.06.22 19:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2010.06.22 19:36:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.06.21 16:27:20 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010.06.21 16:27:16 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2010.06.21 16:24:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.06.21 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010.06.19 16:33:07 | 004,967,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2010.06.19 16:33:07 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2010.06.19 16:33:07 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2010.06.19 16:33:07 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2010.06.19 16:33:05 | 021,662,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2010.06.19 16:33:05 | 015,764,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2010.06.19 16:33:05 | 003,184,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll [2010.06.19 16:33:05 | 002,890,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll [2010.06.19 16:33:05 | 000,405,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll [2010.06.19 16:33:05 | 000,332,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2010.06.19 16:33:03 | 012,338,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2010.06.19 16:33:03 | 009,712,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2010.06.19 16:33:03 | 002,867,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2010.06.19 16:33:03 | 002,632,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2010.06.19 16:33:03 | 002,291,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2010.06.19 16:33:03 | 002,145,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2010.06.19 16:33:02 | 014,511,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2010.06.19 16:33:02 | 010,263,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2010.06.19 16:33:02 | 006,065,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2010.06.19 16:33:02 | 004,513,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2010.06.19 16:33:02 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1921.dll [2010.06.19 16:33:02 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll [2010.06.19 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Eumex 400 [2010.06.19 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\ajenderny\AppData\Roaming\Eumex 400 [2010.06.19 13:04:26 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll [2010.06.19 13:04:26 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll [2010.06.19 13:04:26 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71DEU.DLL [2010.06.19 13:04:26 | 000,031,232 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\SysWow64\I2errDeu.dll [2010.06.19 13:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eumex 400 [2010.06.19 13:03:50 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe [2010.06.12 02:19:32 | 000,000,000 | ---D | C] -- C:\Users\ajenderny\AppData\Local\ElevatedDiagnostics [2010.06.09 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\ajenderny\AppData\Roaming\VistaAudio [2010.06.09 16:49:25 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.06.09 16:49:25 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2010.06.09 16:49:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.06.09 16:49:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.06.09 16:44:15 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX [2010.06.09 16:44:14 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.004 [2010.06.09 16:44:14 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000 [2010.06.09 16:44:14 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001 [2010.06.09 16:44:14 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002 [2010.06.09 16:44:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003 [2010.06.08 16:22:25 | 008,151,040 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CM106.dll [2010.06.08 16:22:25 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpa106.dll [2010.06.08 16:22:21 | 000,524,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll [2010.06.08 16:22:13 | 001,307,648 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10664.sys [2010.06.08 16:22:13 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\fltr106.dll [2010.06.07 17:21:02 | 015,282,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2010.06.07 17:21:02 | 001,691,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2010.06.07 17:21:02 | 001,448,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2010.06.07 17:21:02 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2010.06.01 18:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer [2010.05.31 18:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2010.05.31 18:19:17 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1920.dll [2010.05.05 16:53:36 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll ========== Files - Modified Within 30 Days ========== [2010.06.22 20:13:41 | 002,097,152 | -HS- | M] () -- C:\Users\ajenderny\NTUSER.DAT [2010.06.22 19:54:37 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.22 19:38:26 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.06.22 19:23:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.06.21 22:49:33 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-60021102}.rfx [2010.06.21 22:49:33 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000005-60021102}.rfx [2010.06.21 22:49:33 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000005-60021102}.rfx [2010.06.21 22:26:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.06.21 22:26:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.06.21 22:24:48 | 001,501,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.06.21 22:24:48 | 000,654,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.06.21 22:24:48 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.06.21 22:24:48 | 000,130,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.06.21 22:24:48 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.06.21 22:18:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.06.21 22:18:36 | 2145,492,991 | -HS- | M] () -- C:\hiberfil.sys [2010.06.21 22:17:19 | 003,386,226 | -H-- | M] () -- C:\Users\ajenderny\AppData\Local\IconCache.db [2010.06.21 20:22:56 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll [2010.06.21 20:22:56 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll [2010.06.21 20:22:56 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll [2010.06.21 20:22:56 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll [2010.06.21 20:22:56 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc [2010.06.21 16:27:08 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe [2010.06.21 16:26:38 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys [2010.06.21 16:26:17 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys [2010.06.21 16:24:44 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.06.19 13:04:32 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Konfigurator Eumex 400.lnk [2010.06.13 17:26:56 | 000,000,952 | ---- | M] () -- C:\Windows\Cm106.ini.imi [2010.06.12 11:02:25 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2010.06.12 11:02:25 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.06.09 17:09:24 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.06.08 16:25:27 | 000,000,489 | ---- | M] () -- C:\Windows\Cm106.ini.cfl [2010.06.08 16:25:26 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx [2010.06.08 16:25:18 | 000,000,087 | ---- | M] () -- C:\Windows\System\Cm106.ini [2010.06.08 01:58:00 | 021,662,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll [2010.06.08 01:58:00 | 015,764,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll [2010.06.08 01:58:00 | 014,511,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll [2010.06.08 01:58:00 | 012,338,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll [2010.06.08 01:58:00 | 010,263,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll [2010.06.08 01:58:00 | 009,712,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll [2010.06.08 01:58:00 | 006,824,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll [2010.06.08 01:58:00 | 006,065,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll [2010.06.08 01:58:00 | 004,967,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll [2010.06.08 01:58:00 | 004,513,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll [2010.06.08 01:58:00 | 003,184,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll [2010.06.08 01:58:00 | 002,890,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll [2010.06.08 01:58:00 | 002,867,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll [2010.06.08 01:58:00 | 002,632,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll [2010.06.08 01:58:00 | 002,291,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll [2010.06.08 01:58:00 | 002,145,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll [2010.06.08 01:58:00 | 001,994,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll [2010.06.08 01:58:00 | 001,592,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll [2010.06.08 01:58:00 | 000,405,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll [2010.06.08 01:58:00 | 000,332,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll [2010.06.08 01:58:00 | 000,255,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1921.dll [2010.06.08 01:58:00 | 000,255,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll [2010.06.08 01:58:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll [2010.06.08 01:58:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll [2010.06.08 01:58:00 | 000,012,507 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2010.06.08 01:58:00 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd [2010.06.07 17:21:02 | 015,282,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll [2010.06.07 17:21:02 | 001,691,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll [2010.06.07 17:21:02 | 001,448,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll [2010.06.07 17:21:02 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll [2010.06.01 19:03:34 | 000,001,854 | ---- | M] () -- C:\Users\ajenderny\AppData\Roaming\ImperatorProfile0.dat [2010.06.01 18:37:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf [2010.06.01 18:35:30 | 000,058,032 | ---- | M] () -- C:\Users\ajenderny\AppData\Local\GDIPFONTCACHEV1.DAT [2010.05.28 02:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll [2010.05.28 02:09:00 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll [2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2010.05.27 08:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2010.05.27 06:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll ========== Files Created - No Company Name ========== [2010.06.22 19:54:37 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.22 19:38:26 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.06.21 17:47:27 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe [2010.06.21 16:24:44 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.06.19 13:04:32 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Konfigurator Eumex 400.lnk [2010.06.08 16:22:25 | 000,787,456 | ---- | C] () -- C:\Windows\SysNative\Cmeau106.exe [2010.06.08 16:22:25 | 000,491,520 | ---- | C] () -- C:\Windows\System\cmau106.dll [2010.06.08 16:22:25 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CM106.cpl [2010.06.08 16:22:25 | 000,221,184 | ---- | C] () -- C:\Windows\System\cm106eye.exe [2010.06.08 16:22:25 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll [2010.06.08 16:22:25 | 000,010,134 | ---- | C] () -- C:\Windows\cmeau106.ico [2010.06.08 16:22:25 | 000,000,489 | ---- | C] () -- C:\Windows\Cm106.ini.cfl [2010.06.08 16:22:25 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx [2010.06.08 16:22:21 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll [2010.06.08 16:22:21 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg [2010.06.08 16:22:21 | 000,000,952 | ---- | C] () -- C:\Windows\Cm106.ini.imi [2010.06.08 16:22:21 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini [2010.06.08 16:22:21 | 000,000,087 | ---- | C] () -- C:\Windows\System\Cm106.ini [2010.06.01 18:43:14 | 000,001,854 | ---- | C] () -- C:\Users\ajenderny\AppData\Roaming\ImperatorProfile0.dat [2010.06.01 18:37:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf [2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2010.05.28 02:09:00 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll [2010.05.05 17:34:20 | 000,027,039 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini [2010.05.05 16:51:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll [2009.12.26 18:35:57 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2009.12.26 18:35:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2009.12.26 18:35:25 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL [2009.12.26 16:57:04 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.03 22:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini [2009.05.26 19:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\SysWow64\kill.ini [2009.04.15 15:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll ========== Alternate Data Streams ========== @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report > Code:
ATTFilter OTL Extras logfile created on: 22.06.2010 20:11:22 - Run 1
OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\ajenderny\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 65,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,09 Gb Total Space | 79,20 Gb Free Space | 67,64% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 46,06 Gb Free Space | 78,61% Space Free | Partition Type: NTFS
Drive E: | 90,45 Gb Total Space | 84,24 Gb Free Space | 93,13% Space Free | Partition Type: NTFS
Drive F: | 224,61 Gb Total Space | 211,65 Gb Free Space | 94,23% Space Free | Partition Type: NTFS
Drive G: | 589,73 Gb Total Space | 517,34 Gb Free Space | 87,73% Space Free | Partition Type: NTFS
Drive H: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
Computer Name: WORKSTATION
Current User Name: *****
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{E520EB70-A071-4A1A-9BD2-B28CC6D9DB22}" = O&O CleverCache
"C-Media CM106 Like Sound Driver" = USB Multi-Channel Audio Device
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{A1E1A376-49D4-4960-8599-D5D26A4C2E7B}" = Razer Imperator
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D9292112-253F-438D-B1AB-432E5A1FE1B5}" = Imperator Firmware Updater 1.13
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioCS" = Creative Audio-Systemsteuerung
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"IrfanView" = IrfanView (remove only)
"Konfigurator Eumex 400" = Konfigurator Eumex 400
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NAV" = Norton AntiVirus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Visual Watermark_is1" = Visual Watermark 2.9.30
"WhatPulse" = WhatPulse 1.6.2.1
"Xfire" = Xfire (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"LCDHost" = LCDHost - a compositing plugin manager for LCD's
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 20.06.2010 16:05:40 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 20.06.2010 16:05:40 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1264
Error - 20.06.2010 16:05:40 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1264
Error - 20.06.2010 16:05:42 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 20.06.2010 16:05:42 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2512
Error - 20.06.2010 16:05:42 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2512
Error - 20.06.2010 16:05:43 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 20.06.2010 16:05:43 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3760
Error - 20.06.2010 16:05:43 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3760
Error - 21.06.2010 10:25:25 | Computer Name = Workstation | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
[ System Events ]
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework"
wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error - 21.06.2010 13:26:20 | Computer Name = Workstation | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 21.06.2010 13:38:32 | Computer Name = Workstation | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 21.06.2010 16:49:34 | Computer Name = Workstation | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
Firmware verfügbar ist.
Error - 22.06.2010 13:37:04 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Neustart des Diensts.
< End of report >
|
|
22.06.2010, 19:58
| #4 |
| | Browsergames ruckeln solange svchost.exe läuftCode:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4225
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
22.06.2010 20:38:26
mbam-log-2010-06-22 (20-38-26).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 217761
Laufzeit: 33 Minute(n), 40 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
|
|
| Themen zu Browsergames ruckeln solange svchost.exe läuft |
| ad-aware, adobe, antivirus, bho, bonjour, browser, dll, explorer, firefox, hijack, hijackthis, internet, internet explorer, intrusion prevention, local\temp, log, nvidia, problem, programme, prozess, rundll, software, svchost.exe, symantec, system, syswow64, temp, windows |
Linear-Darstellung
