
Antivirus, firewall and other protection programs: Internet traffic problem / high ping as a symptom

27.10.2010, 05:10   #1
mysL
 



Hello dear board, I'm new here and first had to fight my way through all the tips and introductions, and I'm really glad that I made it here :-D Now I can only hope that I'm in the right forum. Forgive me if I'm not :-(


About my problem:

I suspect that something is wrong with my connection. When I talk with friends on Teamspeak or play a game now and then, my ping fluctuates from 40-50 to 200. These lags show up in different ways. Depending on the game, you notice it sometimes more, sometimes less. In any case it fluctuates, and it looks as if some program is using the upload. My system was set up with Win7 Ultimate about 3-4 weeks ago.

Win7 Ultimate
AM3 4x 3,4
2GB RAM 1666
Radeon 4890HD
Connected via cable modem and D-Link router
Connection: 2Mbit


I've really tried a lot already, including checking traffic reports, uninstalling programs, uninstalling the firewall, etc. Basically everything a layman can think of (OK, I haven't formatted yet ;D )

I followed the instructions in the FAQ and uploaded the log files from the "LOAD.exe" download. You can find them zipped at the following link


Maybe you can somehow help me get to the bottom of the problem. I hope I'm not infected with something.

Thanks in advance for your time,

If I've forgotten anything or done something wrong, I ask for some leniency as a newcomer

EDIT: SINCE I SOMEHOW CAN'T LINK THE FILE, I'M POSTING THE CONTENT HERE IN THE THREAD, HOPE IT WON'T BE TOO LONG!


EXTRAS.TXT -> OTL Logfile:
Code:
OTL Extras logfile created on: 27.10.2010 05:43:44 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Public\Desktop\MFtools
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 14,47 Gb Free Space | 29,68% Space Free | Partition Type: NTFS
Drive D: | 230,63 Gb Total Space | 106,77 Gb Free Space | 46,30% Space Free | Partition Type: NTFS
Drive I: | 698,63 Gb Total Space | 467,23 Gb Free Space | 66,88% Space Free | Partition Type: NTFS
 
Computer Name: XXXX-PC | User Name: XXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08347912-0AA5-C85E-BC02-416568E741B4}" = AMD Drag and Drop Transcoding
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{897BE4A7-682B-7375-BBAF-05A44FC2B524}" = ATI Catalyst Install Manager
"{914C25C6-603C-16C9-BE33-8A09E5632350}" = ccc-utility64
"{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"gogoc" = gogo6 gogoCLIENT
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NetBalancer_is1" = NetBalancer
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{12444FB2-997D-7BB2-0CEB-453E31307929}" = ccc-core-static
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51399947-35EF-10B8-FC7F-0D435C701A2D}" = Catalyst Control Center InstallProxy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{707790EF-9E51-1548-F90C-57B38065F38C}" = Catalyst Control Center Graphics Previews Vista
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7B5999EE-F2DD-4677-675D-51F11C6F6181}" = Catalyst Control Center Graphics Previews Common
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{96503976-1BCE-4261-A597-B36CF7DD9CB7}_is1" = Gothic II Gold Edition
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AE096DBF-8878-6943-3858-7EE9D54D70B7}" = CCC Help English
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5AED751-CD8F-43EF-8720-AD970CBEA741}" = Medal of Honor™ MP Open Beta
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.12.327
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"AC3Filter_is1" = AC3Filter 1.63b
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnalogX NetStat Live" = AnalogX NetStat Live
"ArcaniA" = ArcaniA - Gothic 4
"AudioCS" = Creative Audio-Systemsteuerung
"AutoHotkey" = AutoHotkey 1.0.48.05
"Avi2Dvd" = Avi2Dvd 0.6.1
"AviSynth" = AviSynth 2.5
"CoreAAC Audio Decoder" = CoreAAC Audio Decoder (remove only)
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"ERUNT_is1" = ERUNT 1.1j
"Fallout New Vegas_is1" = Fallout New Vegas
"ffdshow_is1" = ffdshow [rev 3299] [2010-03-03]
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"HaaliMkx" = Haali Media Splitter
"JDownloader" = JDownloader
"League of Legends_is1" = League of Legends
"Mafia II_is1" = Mafia II
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mumble" = Mumble and Murmur
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"QIP2005" = QIP 2005 Uninstall
"SABnzbd" = SABnzbd (remove only)
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"TmNationsForever_is1" = TmNationsForever
"Uninstall_is1" = Uninstall 1.0.0.1
"UT2004" = Unreal Tournament 2004
"WinPcapInst" = WinPcap 4.1.2
"Wireshark" = Wireshark 1.4.1
"World of Warcraft" = World of Warcraft
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.10.2010 22:57:53 | Computer Name = XXXX-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 aswMonFlt.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
Error - 26.10.2010 22:57:53 | Computer Name = XXXX-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 avast! Firewall NDIS Filter Service.  System Error: Das System kann die angegebene
 Datei nicht finden.  .
 
Error - 26.10.2010 22:57:53 | Computer Name = XXXX-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 avast! Firewall Core Firewall Service.  System Error: Das System kann die angegebene
 Datei nicht finden.  .
 
Error - 26.10.2010 22:57:53 | Computer Name = XXXX-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 aswRdr.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
Error - 26.10.2010 22:57:53 | Computer Name = XXXX-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 aswSnx.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
Error - 26.10.2010 22:57:53 | Computer Name = XXXX-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 aswSP.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
Error - 26.10.2010 22:57:53 | Computer Name = XXXX-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 avast! Network Shield Support.  System Error: Das System kann die angegebene Datei
 nicht finden.  .
 
Error - 26.10.2010 22:57:53 | Computer Name = XXXX-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddLegacyDriverFiles: Unable to back up image of binary
 PStrip64.  System Error: Das System kann die angegebene Datei nicht finden.  .
 
Error - 26.10.2010 22:57:53 | Computer Name = XXXX-PC | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts
 "System Writer".  Details: AddWin32ServiceFiles: Unable to back up image of service
 avast! Antivirus since QueryServiceConfig API failed  System Error: Das System kann
 die angegebene Datei nicht finden.  .
 
Error - 26.10.2010 23:34:51 | Computer Name = XXXX-PC | Source = SeriousBit NetBalancer 2.1.2 Free | ID = 0
Description = System.Net.WebException: Der Remotename konnte nicht aufgelöst werden:
 'seriousbit.com'     bei System.Net.HttpWebRequest.GetResponse()     bei b1.a()     bei
 b1.b()
 
[ System Events ]
Error - 13.10.2010 19:41:22 | Computer Name = XXXX-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 14.10.2010 08:24:01 | Computer Name = XXXX-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 14.10.2010 14:10:00 | Computer Name = XXXX-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort1 gefunden.
 
Error - 16.10.2010 20:53:49 | Computer Name = XXXX-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 19.10.2010 08:54:07 | Computer Name = XXXX-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?10.?2010 um 13:32:54 unerwartet heruntergefahren.
 
Error - 19.10.2010 14:16:22 | Computer Name = XXXX-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi 2.0 Tunneling Engine" ist als interaktiver
 Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
 Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 19.10.2010 14:16:23 | Computer Name = XXXX-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 LogMeIn Hamachi 2.0 Tunneling Engine erreicht.
 
Error - 19.10.2010 14:16:23 | Computer Name = XXXX-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LogMeIn Hamachi 2.0 Tunneling Engine" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 19.10.2010 14:36:16 | Computer Name = XXXX-PC | Source = bowser | ID = 8003
Description = 
 
Error - 21.10.2010 08:48:00 | Computer Name = XXXX-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
 
< End of report >
         
--- --- ---

MBAM.TXT

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4958

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.10.2010 05:40:42
mbam-log-2010-10-27 (05-40-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 148990
Laufzeit: 2 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL.TXT -> OTL Logfile:
Code:
OTL logfile created on: 27.10.2010 05:43:44 - Run 1
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Public\Desktop\MFtools
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48,73 Gb Total Space | 14,47 Gb Free Space | 29,68% Space Free | Partition Type: NTFS
Drive D: | 230,63 Gb Total Space | 106,77 Gb Free Space | 46,30% Space Free | Partition Type: NTFS
Drive I: | 698,63 Gb Total Space | 467,23 Gb Free Space | 66,88% Space Free | Partition Type: NTFS
 
Computer Name: XXXXX-PC | User Name: XXXXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.27 05:26:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.10.27 05:01:11 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.10.22 19:57:25 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\firefox.exe
PRC - [2010.05.05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.05.05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009.12.10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
PRC - [2009.12.10 03:37:16 | 003,690,496 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe
PRC - [2006.11.17 17:42:46 | 000,053,341 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTSched.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.27 05:26:01 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - File not found [Auto | Running] -- C:\Windows\SysNative\PnkBstrA.exe -- (PnkBstrA)
SRV:64bit: - [2010.08.04 03:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.07.23 12:12:50 | 000,010,240 | ---- | M] (Microsoft) [Auto | Running] -- C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe -- (NetBalancer Windows Service)
SRV:64bit: - [2010.05.20 15:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2010.03.13 02:04:14 | 000,527,688 | ---- | M] (gogo6, Inc.) [Auto | Running] -- C:\Program Files\gogo6\gogoCLIENT\gogoc.exe -- (gogoc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2010.10.27 05:01:11 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.10.27 04:02:13 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.08.27 18:03:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.10 03:39:04 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2009.07.16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2006.12.19 10:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.09.23 09:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.08.31 01:26:24 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.27 23:12:22 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010.08.04 04:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.08.04 04:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.04 03:15:44 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.15 14:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.05.20 15:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
DRV:64bit: - [2010.05.15 00:06:12 | 000,034,280 | ---- | M] (SeriousBit) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nbdrv.sys -- (Nbdrv)
DRV:64bit: - [2010.05.05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.05.05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010.04.19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.03.13 02:04:06 | 000,027,648 | ---- | M] (gogo6 Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gogotun.sys -- (gogoTunnelDevice)
DRV:64bit: - [2010.02.03 15:56:56 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 13 BB A2 40 46 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\components [2010.10.22 19:57:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\plugins [2010.10.22 19:57:30 | 000,000,000 | ---D | M]
 
[2010.08.27 01:47:51 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\mozilla\Extensions
[2010.10.27 04:30:16 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\fvs35bsl.default\extensions
[2010.10.14 01:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\fvs35bsl.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.03 17:45:05 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\mozilla\Firefox\Profiles\fvs35bsl.default\extensions\vshare@toolbar
[2010.08.31 01:34:17 | 000,002,059 | ---- | M] () -- C:\Users\XXXXX\AppData\Roaming\Mozilla\FireFox\Profiles\fvs35bsl.default\searchplugins\daemon-search.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [CreativeTaskScheduler] C:\Program Files (x86)\Creative\Shared Files\CTSched.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe (SeriousBit)
O4 - Startup: C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\XXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\XXXXX\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8bcd6791-b48f-11df-9499-6cf049026867}\Shell - "" = AutoRun
O33 - MountPoints2\{8bcd6791-b48f-11df-9499-6cf049026867}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found
O33 - MountPoints2\{b5b743bc-c3ad-11df-9a2f-6cf049026867}\Shell - "" = AutoRun
O33 - MountPoints2\{b5b743bc-c3ad-11df-9a2f-6cf049026867}\Shell\AutoRun\command - "" = H:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^XXXXX^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip - C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EA Link\Core.exe File not found
MsConfig:64bit - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe File not found
MsConfig:64bit - StartUpReg: LifeCam - hkey= - key= - C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe File not found
MsConfig:64bit - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - d:\[][][] games\steam\steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.ac3filter - ac3filter64.acm ()
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\Windows\SysWow64\ac3filter.acm ()
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.27 05:36:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010.10.27 05:26:46 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Malwarebytes
[2010.10.27 05:26:36 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.10.27 05:26:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.27 05:26:35 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.10.27 05:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.10.27 05:25:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.10.27 04:58:45 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\SeriousBit
[2010.10.27 04:57:25 | 000,034,280 | ---- | C] (SeriousBit) -- C:\Windows\SysNative\drivers\nbdrv.sys
[2010.10.27 04:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\NetBalancer
[2010.10.27 04:57:14 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\Wireshark
[2010.10.27 04:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2010.10.27 04:51:35 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2010.10.27 04:02:20 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.10.27 04:00:42 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\Sunbelt Software
[2010.10.27 03:59:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.10.27 03:59:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.10.27 03:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.10.27 03:49:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AnalogX
[2010.10.27 03:17:22 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.27 03:16:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010.10.27 02:37:54 | 000,000,000 | ---D | C] -- C:\ProgramData\id Software
[2010.10.27 01:23:52 | 000,000,000 | R--D | C] -- C:\Users\XXXXX\Desktop\Bewerbungen
[2010.10.26 01:55:21 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010.10.23 23:10:24 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\FalloutNV
[2010.10.23 19:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.10.21 03:50:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PostgreSQL
[2010.10.21 03:45:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerTracker 3
[2010.10.21 02:16:08 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\PokerStars
[2010.10.21 02:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2010.10.14 17:35:15 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\My Games
[2010.10.14 01:05:07 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.14 01:04:51 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\Documents\DVDVideoSoft
[2010.10.14 01:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.10.14 01:04:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.10.14 00:35:31 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\Documents\ArcaniA - Gothic 4
[2010.10.14 00:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QIP8070
[2010.10.12 18:08:20 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\Documents\ICQ
[2010.10.12 18:07:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\plugins
[2010.10.12 18:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.10.12 14:21:07 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\AppData\Local\AOL
[2010.10.11 16:50:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2010.10.04 17:46:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
[2010.10.03 23:14:21 | 000,000,000 | ---D | C] -- C:\Users\XXXXX\Documents\EA Games
[2010.10.03 21:13:48 | 000,000,000 | ---D | C] -- C:\Fraps
[2010.10.03 21:05:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010.10.03 21:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.08.27 23:12:22 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\XXXXX\AppData\Roaming\pcouffin.sys
[2010.08.27 01:47:34 | 011,734,488 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2010.08.27 01:47:34 | 000,912,344 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2010.08.27 01:47:34 | 000,719,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozcrt19.dll
[2010.08.27 01:47:34 | 000,719,832 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozcpp19.dll
[2010.08.27 01:47:34 | 000,646,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2010.08.27 01:47:34 | 000,492,504 | ---- | C] (sqlite.org) -- C:\Program Files\sqlite3.dll
[2010.08.27 01:47:34 | 000,343,000 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2010.08.27 01:47:34 | 000,249,856 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2010.08.27 01:47:34 | 000,245,208 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2010.08.27 01:47:34 | 000,203,736 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2010.08.27 01:47:34 | 000,155,648 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2010.08.27 01:47:34 | 000,142,296 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2010.08.27 01:47:34 | 000,107,480 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2010.08.27 01:47:34 | 000,105,432 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2010.08.27 01:47:34 | 000,098,304 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2010.08.27 01:47:34 | 000,089,048 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2010.08.27 01:47:34 | 000,021,976 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2010.08.27 01:47:34 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2010.08.27 01:47:34 | 000,019,416 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2010.08.27 01:47:34 | 000,018,904 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2010.08.27 01:47:34 | 000,016,856 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2010.05.05 19:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.27 05:41:57 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.27 05:41:57 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.27 05:36:16 | 000,001,123 | ---- | M] () -- C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.10.27 05:36:14 | 000,000,943 | ---- | M] () -- C:\Users\XXXXX\Desktop\NTREGOPT.lnk
[2010.10.27 05:36:14 | 000,000,924 | ---- | M] () -- C:\Users\XXXXX\Desktop\ERUNT.lnk
[2010.10.27 05:34:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.27 05:34:09 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.27 05:33:30 | 000,060,968 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx
[2010.10.27 05:33:30 | 000,060,968 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx
[2010.10.27 05:33:30 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx
[2010.10.27 05:26:39 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.27 05:01:22 | 000,235,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.10.27 05:01:22 | 000,235,248 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.27 05:01:11 | 000,075,064 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.10.26 21:53:00 | 000,011,108 | ---- | M] () -- C:\Users\XXXXX\AppData\Roaming\PStrip.ini
[2010.10.26 21:52:57 | 000,011,108 | ---- | M] () -- C:\Users\XXXXX\AppData\Roaming\PStrip.bak
[2010.10.26 21:50:22 | 000,011,108 | ---- | M] () -- C:\Users\XXXXX\AppData\Roaming\PStrip.bk!
[2010.10.26 10:48:38 | 000,011,108 | ---- | M] () -- C:\Users\XXXXX\AppData\Roaming\PStrip.bko
[2010.10.24 01:10:16 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.24 01:10:16 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.24 01:10:16 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.24 01:10:16 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.24 01:10:16 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.22 19:57:32 | 000,001,213 | ---- | M] () -- C:\Program Files\updates.xml
[2010.10.22 19:57:32 | 000,000,057 | ---- | M] () -- C:\Program Files\active-update.xml
[2010.10.22 19:57:28 | 000,492,504 | ---- | M] (sqlite.org) -- C:\Program Files\sqlite3.dll
[2010.10.22 19:57:28 | 000,000,701 | ---- | M] () -- C:\Program Files\updater.ini
[2010.10.22 19:57:28 | 000,000,478 | ---- | M] () -- C:\Program Files\softokn3.chk
[2010.10.22 19:57:28 | 000,000,003 | ---- | M] () -- C:\Program Files\update.locale
[2010.10.22 19:57:27 | 000,016,246 | ---- | M] () -- C:\Program Files\removed-files
[2010.10.22 19:57:27 | 000,000,478 | ---- | M] () -- C:\Program Files\nssdbm3.chk
[2010.10.22 19:57:27 | 000,000,142 | ---- | M] () -- C:\Program Files\platform.ini
[2010.10.22 19:57:26 | 001,018,328 | ---- | M] () -- C:\Program Files\js3250.dll
[2010.10.22 19:57:25 | 000,004,296 | ---- | M] () -- C:\Program Files\crashreporter.ini
[2010.10.22 19:57:25 | 000,000,705 | ---- | M] () -- C:\Program Files\crashreporter-override.ini
[2010.10.22 19:57:25 | 000,000,478 | ---- | M] () -- C:\Program Files\freebl3.chk
[2010.10.22 19:57:25 | 000,000,115 | ---- | M] () -- C:\Program Files\dependentlibs.list
[2010.10.22 19:57:23 | 000,031,393 | ---- | M] () -- C:\Program Files\LICENSE
[2010.10.22 19:57:23 | 000,004,137 | ---- | M] () -- C:\Program Files\blocklist.xml
[2010.10.22 19:57:23 | 000,002,129 | ---- | M] () -- C:\Program Files\application.ini
[2010.10.22 19:57:23 | 000,000,220 | ---- | M] () -- C:\Program Files\browserconfig.properties
[2010.10.22 19:57:23 | 000,000,000 | ---- | M] () -- C:\Program Files\.autoreg
[2010.10.21 23:42:08 | 000,003,584 | ---- | M] () -- C:\Users\XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.21 03:45:35 | 000,005,077 | ---- | M] () -- C:\ProgramData\bltofzsb.qlf
[2010.10.14 14:23:12 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.14 02:16:05 | 000,000,977 | ---- | M] () -- C:\Users\XXXXX\Desktop\DLs.lnk
[2010.10.13 23:10:26 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.10.12 18:00:44 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settingsbkup.sfm
[2010.10.12 18:00:44 | 000,001,080 | ---- | M] () -- C:\Windows\SysNative\settings.sfm
[2010.10.12 16:39:46 | 000,004,096 | ---- | M] () -- C:\Windows\d3dx.dat
[2010.10.04 17:52:04 | 000,000,238 | ---- | M] () -- C:\Users\XXXXX\Documents\AutoHotkey.ahk
[2010.09.27 11:08:59 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
 
========== Files Created - No Company Name ==========
 
[2010.10.27 05:36:16 | 000,001,123 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010.10.27 05:36:14 | 000,000,943 | ---- | C] () -- C:\Users\XXXXX\Desktop\NTREGOPT.lnk
[2010.10.27 05:36:14 | 000,000,924 | ---- | C] () -- C:\Users\XXXXX\Desktop\ERUNT.lnk
[2010.10.27 05:26:39 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.27 05:01:22 | 000,235,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.10.27 05:01:11 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.10.22 19:57:32 | 000,001,213 | ---- | C] () -- C:\Program Files\updates.xml
[2010.10.22 19:57:32 | 000,000,057 | ---- | C] () -- C:\Program Files\active-update.xml
[2010.10.22 19:57:27 | 000,016,246 | ---- | C] () -- C:\Program Files\removed-files
[2010.10.22 19:57:23 | 000,000,000 | ---- | C] () -- C:\Program Files\.autoreg
[2010.10.21 23:42:08 | 000,003,584 | ---- | C] () -- C:\Users\XXXXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.10.21 03:45:35 | 000,005,077 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf
[2010.10.14 02:14:09 | 000,000,977 | ---- | C] () -- C:\Users\XXXXX\Desktop\DLs.lnk
[2010.10.13 23:52:16 | 000,013,110 | ---- | C] () -- C:\Program Files\hs_err_pid1760.log
[2010.10.12 16:39:46 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.10.04 17:49:46 | 000,000,238 | ---- | C] () -- C:\Users\XXXXX\Documents\AutoHotkey.ahk
[2010.10.03 23:12:23 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.09.27 11:08:59 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.09.03 06:30:08 | 000,011,108 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\PStrip.bko
[2010.08.31 16:34:33 | 000,011,108 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\PStrip.bk!
[2010.08.31 16:34:22 | 000,011,108 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\PStrip.bak
[2010.08.31 02:16:39 | 000,011,108 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\PStrip.ini
[2010.08.27 23:13:19 | 000,001,057 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\vso_ts_preview.xml
[2010.08.27 23:12:59 | 000,000,034 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\pcouffin.log
[2010.08.27 23:12:22 | 000,099,384 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\inst.exe
[2010.08.27 23:12:22 | 000,007,859 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\pcouffin.cat
[2010.08.27 23:12:22 | 000,001,167 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\pcouffin.inf
[2010.08.27 22:42:33 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.08.27 22:42:32 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.08.27 22:42:20 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.08.27 19:53:19 | 000,000,064 | ---- | C] () -- C:\Users\XXXXX\AppData\Roaming\default.pls
[2010.08.27 19:47:28 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.08.27 18:14:47 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.08.27 18:02:21 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.08.27 18:02:20 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.08.27 18:01:54 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2010.08.27 04:12:27 | 000,007,602 | ---- | C] () -- C:\Users\XXXXX\AppData\Local\Resmon.ResmonCfg
[2010.08.27 01:47:35 | 000,000,701 | ---- | C] () -- C:\Program Files\updater.ini
[2010.08.27 01:47:35 | 000,000,220 | ---- | C] () -- C:\Program Files\browserconfig.properties
[2010.08.27 01:47:35 | 000,000,003 | ---- | C] () -- C:\Program Files\update.locale
[2010.08.27 01:47:34 | 001,018,328 | ---- | C] () -- C:\Program Files\js3250.dll
[2010.08.27 01:47:34 | 000,040,330 | ---- | C] () -- C:\Program Files\install.log
[2010.08.27 01:47:34 | 000,031,393 | ---- | C] () -- C:\Program Files\LICENSE
[2010.08.27 01:47:34 | 000,004,296 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2010.08.27 01:47:34 | 000,004,137 | ---- | C] () -- C:\Program Files\blocklist.xml
[2010.08.27 01:47:34 | 000,002,129 | ---- | C] () -- C:\Program Files\application.ini
[2010.08.27 01:47:34 | 000,000,705 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2010.08.27 01:47:34 | 000,000,478 | ---- | C] () -- C:\Program Files\softokn3.chk
[2010.08.27 01:47:34 | 000,000,478 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2010.08.27 01:47:34 | 000,000,478 | ---- | C] () -- C:\Program Files\freebl3.chk
[2010.08.27 01:47:34 | 000,000,229 | ---- | C] () -- C:\Program Files\README.txt
[2010.08.27 01:47:34 | 000,000,142 | ---- | C] () -- C:\Program Files\platform.ini
[2010.08.27 01:47:34 | 000,000,115 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2010.06.25 19:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2010.05.05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.05.05 20:37:50 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2010.05.05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.06 13:47:08 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
 
========== LOP Check ==========
 
[2010.08.31 01:40:23 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\DAEMON Tools Lite
[2010.08.31 01:24:25 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\DAEMON Tools Net
[2010.10.14 01:05:07 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.27 23:49:02 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\LolClient
[2010.08.31 23:16:02 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Mumble
[2010.09.17 02:13:21 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Need for Speed World
[2010.10.27 04:58:45 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\SeriousBit
[2010.08.28 04:29:43 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Vso
[2010.10.27 04:57:14 | 000,000,000 | ---D | M] -- C:\Users\XXXXX\AppData\Roaming\Wireshark
[2009.07.14 07:08:49 | 000,018,522 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2010.10.27 05:34:09 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.27 05:34:09 | 2145,902,592 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
--- --- ---

Old 28.10.2010, 20:36   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Art des Suchlaufs: Quick-Scan
Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!