Log analysis and evaluation: All programs start very slowly - logs attached

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
All programs start very slowly - logs attached

Windows 7 32-bit

Since yesterday my system has been extremely sluggish. Every program, no matter how small, takes a few seconds to open after the double-click. After that it takes another few seconds until it responds. With larger applications, such as Windows Live Mail, it can even take a few minutes...

I hope that with your help I can avoid having to format C:. Here are the logs:

Quote:
GMER - hxxp://www.gmer.net
Rootkit scan 2010-12-17 08:01:16
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_MMCRE28G5MXP-0VB rev.VBM1901Q
Running: gmer.exe; Driver: C:\Users\***\AppData\Local\Temp\fwlcipob.sys

---- System - GMER 1.0.15 ----

SSDT 96C53D73 ZwLoadDriver
SSDT 96C53D78 ZwSetSystemInformation
SSDT 96C53D37 ZwTerminateProcess
SSDT 96C53D32 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8325B599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 8327FF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 45C 8328796C 4 Bytes [73, 3D, C5, 96]
.text ntkrnlpa.exe!RtlSidHashLookup + 768 83287C78 4 Bytes [78, 3D, C5, 96]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 83287CC8 4 Bytes [37, 3D, C5, 96]
.text ntkrnlpa.exe!RtlSidHashLookup + 82C 83287D3C 4 Bytes [32, 3D, C5, 96]
PAGE spsys.sys!?SPRevision@@3PADA + 4F90 B3634000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 50B3 B3634123 629 Bytes [F5, 62, B3, FE, 05, 34, F5, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 5329 B3634399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 538F B36343FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]
PAGE spsys.sys!?SPRevision@@3PADA + 543B B36344AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]
PAGE ...
.text autochk.exe 002311F0 4 Bytes [E5, 36, E9, 6D]
.text autochk.exe 002311F7 3 Bytes [80, 55, 02]
.text autochk.exe 00231204 4 Bytes [00, 00, 00, 00] {ADD [EAX], AL; ADD [EAX], AL}
.text autochk.exe 0023120C 1 Byte [00]
.text autochk.exe 00231210 1 Byte [00]
.text ...

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[3692] ntdll.dll!LdrLoadDll 7796F625 5 Bytes JMP 003B13F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[5628] USER32.dll!TrackPopupMenu 77AA4B3B 5 Bytes JMP 69422342 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT-Dateisystemtreiber/Microsoft Corporation)
AttachedDevice tdrpm258.sys (Acronis Try&Decide Volume Filter Driver/Acronis)
Device USBSTOR.SYS (USB Mass Storage Class Driver/Microsoft Corporation)
Device pci.sys (NT-Plug & Play PCI-Enumerator/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Tcp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\tdx \Device\Tcp nltdi.sys
Device usbhub.sys (Default Hub Driver for USB/Microsoft Corporation)
AttachedDevice fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\tdx \Device\Udp nltdi.sys
AttachedDevice \Driver\tdx \Device\RawIp avfwot.sys (TDI filtering kernel driver/Avira GmbH)
AttachedDevice \Driver\tdx \Device\RawIp nltdi.sys
Device \Driver\ACPI_HAL \Device\0000007d halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x37 0x67 0xF0 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0B 0x27 0x13 0xA3 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0C 0x6B 0x84 0x17 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x09 0x37 0x67 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x0B 0x27 0x13 0xA3 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0C 0x6B 0x84 0x17 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5ADD1F2E-73D8-1918-DE2B-6E23E2EE4D8D}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5ADD1F2E-73D8-1918-DE2B-6E23E2EE4D8D}@iakmghdmpidpmikphh 0x6B 0x61 0x67 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5ADD1F2E-73D8-1918-DE2B-6E23E2EE4D8D}@haanbbcnbejcgpao 0x6B 0x61 0x67 0x66 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCF2BF2E-2193-61EF-03B1-61A222CA57B8}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCF2BF2E-2193-61EF-03B1-61A222CA57B8}@makohjbmhdnigckngkemdgdaef 0x6B 0x61 0x69 0x6A ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FCF2BF2E-2193-61EF-03B1-61A222CA57B8}@naeafnhlfmahknobmfgfnooiagdl 0x6B 0x61 0x69 0x6A ...

---- EOF - GMER 1.0.15 ----

OTL Logfile:

Code:
OTL logfile created on: 17.12.2010 08:09:07 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Public\Desktop\MFtools
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,24 Gb Total Space | 54,23 Gb Free Space | 45,47% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1337,57 Gb Free Space | 71,80% Space Free | Partition Type: NTFS
Drive Z: | 931,51 Gb Total Space | 518,16 Gb Free Space | 55,63% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.12.17 07:28:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe
PRC - [2010.12.08 11:57:56 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.11.02 12:59:54 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.02 12:59:53 | 000,539,304 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2010.11.02 12:59:53 | 000,403,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2010.11.02 12:59:53 | 000,339,624 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
PRC - [2010.11.02 12:59:53 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program
Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.06 12:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe PRC - [2010.08.30 13:10:44 | 001,085,440 | ---- | M] (Locktime Software) -- C:\Program Files\NetLimiter 3\nlsvc.exe PRC - [2010.06.12 18:14:06 | 002,480,048 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe PRC - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe PRC - [2010.03.27 17:39:02 | 000,752,184 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe PRC - [2010.03.25 09:52:30 | 001,374,336 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe PRC - [2010.02.14 01:53:52 | 000,352,256 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonTaskbar.exe PRC - [2010.02.14 01:53:28 | 000,492,544 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMon.exe PRC - [2010.01.14 21:09:33 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.07.14 02:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2009.07.07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe PRC - [2009.07.07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe PRC - [2009.06.25 07:07:32 | 007,547,424 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe PRC - [2009.03.13 04:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe PRC - [2009.03.13 04:48:48 | 003,678,208 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files\PostgreSQL\8.3\bin\postgres.exe PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.06.13 10:19:46 | 000,159,744 | ---- | M] (Razer USA Ltd.) -- C:\Program Files\n52te\n52teHid.exe ========== Modules (SafeList) ========== MOD - [2010.12.17 07:28:07 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Public\Desktop\MFtools\OTL.exe MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll MOD - [2010.05.05 07:46:55 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll MOD - [2010.02.14 01:53:56 | 000,210,432 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\RTSUltraMonHook.dll MOD - [2010.02.14 01:52:06 | 000,325,120 | ---- | M] (Realtime Soft Ltd) -- C:\Program Files\UltraMon\UltraMonResButtons.dll MOD - [2009.07.14 02:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll MOD - [2009.07.14 02:16:19 | 000,237,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMASF.DLL MOD - [2009.07.14 02:16:19 | 000,156,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\winsta.dll MOD - [2009.07.14 02:16:19 | 000,047,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wkscli.dll MOD - [2009.07.14 02:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\WindowsCodecs.dll MOD - [2009.07.14 02:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll MOD - [2009.07.14 02:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll MOD - [2009.07.14 02:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll MOD - [2009.07.14 02:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll MOD - [2009.07.14 02:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll MOD - [2009.07.14 02:16:12 | 002,504,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL MOD - [2009.07.14 02:16:12 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll MOD - [2009.07.14 02:16:11 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntlanman.dll MOD - [2009.07.14 02:16:03 | 001,661,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\networkexplorer.dll MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll MOD - [2009.07.14 02:15:48 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mssprxy.dll MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll MOD - [2009.07.14 02:15:27 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IconCodecService.dll MOD - [2009.07.14 
02:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll MOD - [2009.07.14 02:15:14 | 000,128,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorAPI.dll MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll MOD - [2009.07.14 02:15:13 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drprov.dll MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll MOD - [2009.07.14 02:15:08 | 000,077,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davclnt.dll MOD - [2009.07.14 02:15:08 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\davhlpr.dll MOD - [2009.07.14 02:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll MOD - [2009.07.14 02:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll MOD - [2009.07.14 02:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll MOD - [2009.07.14 02:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll ========== Win32 Services (SafeList) ========== SRV - [2010.12.08 11:57:56 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010.11.02 12:59:54 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.11.02 12:59:53 | 000,539,304 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program 
Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService) SRV - [2010.11.02 12:59:53 | 000,403,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2010.11.02 12:59:53 | 000,339,624 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2010.10.09 14:48:14 | 000,185,640 | ---- | M] () [On_Demand | Stopped] -- C:\Users\***\AppData\Roaming\Mikogo\B-Service.exe -- (B-Service) SRV - [2010.10.06 12:39:27 | 002,002,728 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2010.08.30 13:10:44 | 001,085,440 | ---- | M] (Locktime Software) [Auto | Running] -- C:\Program Files\NetLimiter 3\nlsvc.exe -- (nlsvc) SRV - [2010.06.29 07:10:28 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010.06.12 18:14:06 | 002,480,048 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv) SRV - [2010.05.07 18:47:32 | 000,162,648 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2010.03.27 17:39:02 | 000,752,184 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.07.16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc) SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc) SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power) SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes) SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- 
| M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc) SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc) SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider) SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener) SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache) SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp) SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc) SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC) SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV) SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc) SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc) SRV - [2009.07.07 13:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice) SRV - [2009.03.13 04:50:20 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3) SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\***\AppData\Local\Temp\ALSysIO.sys -- (ALSysIO) DRV - [2010.12.17 07:46:14 | 000,024,944 | ---- | M] () [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\GVTDrv.sys -- (GVTDrv) DRV - [2010.12.08 12:04:16 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2010.11.22 14:25:17 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.10 02:49:50 | 004,323,040 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam Pro 9000(UVC) DRV - [2010.11.10 02:48:12 | 000,283,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2010.11.02 12:59:55 | 000,102,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot) DRV - [2010.09.07 19:07:29 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd) DRV - [2010.08.30 13:24:02 | 005,281,672 | ---- | M] (Locktime Software) [Kernel | System | Running] -- C:\Program Files\NetLimiter 3\nltdi.sys -- (nltdi) DRV - [2010.08.30 13:24:02 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisPT) DRV - [2010.08.30 13:24:02 | 005,230,088 | ---- | M] (Locktime Software) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nlndis.sys -- (NLNdisMP) DRV - [2010.07.10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2010.06.24 13:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\appliand.sys -- (appliandMP) DRV - [2010.06.24 13:46:12 | 000,028,256 | ---- | M] (Applian Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\appliand.sys -- (appliand) DRV - [2010.06.15 09:44:05 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2010.06.12 23:20:59 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv) DRV - [2010.06.12 18:14:06 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) DRV - [2010.06.12 18:14:06 | 000,160,704 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\afcdp.sys -- (afcdp) DRV - [2010.06.12 18:14:05 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter) DRV - [2010.06.12 18:14:04 | 000,166,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- 
(snapman) DRV - [2010.06.01 16:28:08 | 000,612,352 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\arusb_win7.sys -- (arusb_win7) DRV - [2010.05.07 18:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2010.03.25 08:36:42 | 000,841,504 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2010.02.15 14:23:49 | 000,079,432 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim) DRV - [2010.01.29 10:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive) DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg) DRV - [2009.07.30 12:58:26 | 000,187,392 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167) DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide) DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci) DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx) DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs) DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320) DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas) DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata) DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc) DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata) DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide) DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor) DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid) DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960) DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS) DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV) DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.07.14 00:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.07.07 13:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009.07.07 13:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009.06.25 07:07:34 | 002,375,776 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.11.14 01:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007.10.11 10:10:52 | 000,030,008 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ET5Drv.sys -- (ET5Drv)
DRV - [2007.09.27 13:46:12 | 000,048,896 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\JmtFltr.sys -- (JmtFltr)
DRV - [2007.09.19 16:01:06 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vhidmini.sys -- (vhidmini)
DRV - [2007.04.26 00:53:46 | 000,025,088 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E1 74 D5 3A 75 90 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {E6463D12-450D-45eb-9D47-804AEB0A9561}:2.2.0
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.7
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.11 11:06:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.11 11:06:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.06.12 20:44:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2010.06.12 20:45:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.06.12 20:45:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.28 08:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2sbdasam.default\extensions
[2010.12.16 17:05:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions
[2010.06.12 20:55:37 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010.06.12 19:40:16 | 000,000,000 | ---D | M] (Find Toolbar Tweaks) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions\{E6463D12-450D-45eb-9D47-804AEB0A9561}
[2010.11.02 07:05:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions\DeviceDetection@logitech.com
[2010.09.07 19:07:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions\DTToolbar@toolbarnet.com
[2010.06.12 19:40:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ajblnvr0.default\extensions\youtube2mp3@mondayx.de
[2010.12.13 19:27:29 | 000,000,886 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\appledocs.xml
[2010.09.07 19:07:46 | 000,002,059 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\daemon-search.xml
[2009.11.09 08:38:37 | 000,001,741 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\idealode.xml
[2010.01.13 21:40:27 | 000,001,512 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\imdb.xml
[2009.11.27 15:13:59 | 000,001,747 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\leo-deu-spa.xml
[2010.04.01 12:41:39 | 000,004,771 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\medipreis.xml
[2010.04.01 17:50:27 | 000,001,011 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\torrentz-search.xml
[2009.11.09 07:49:29 | 000,001,720 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ajblnvr0.default\searchplugins\youtube-videosuche.xml
[2010.12.16 17:05:58 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.06.13 08:55:06 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.15 19:03:32 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.11 06:50:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.11 08:26:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.12.02 16:58:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010.12.11 11:06:25 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.11 11:06:25 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.11 11:06:25 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.11 11:06:25 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.11 11:06:25 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.08.11 06:25:06 | 000,415,969 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: www.007guard.com
O1 - Hosts: 007guard.com
O1 - Hosts: 008i.com
O1 - Hosts: www.008k.com
O1 - Hosts: 008k.com
O1 - Hosts: www.00hq.com
O1 - Hosts: 00hq.com
O1 - Hosts: 010402.com
O1 - Hosts: www.032439.com
O1 - Hosts: 032439.com
O1 - Hosts: www.0scan.com
O1 - Hosts: 0scan.com
O1 - Hosts: 1000gratisproben.com
O1 - Hosts: www.1000gratisproben.com
O1 - Hosts: 1001namen.com
O1 - Hosts: www.1001namen.com
O1 - Hosts: 100888290cs.com
O1 - Hosts: www.100888290cs.com
O1 - Hosts: www.100sexlinks.com
O1 - Hosts: 100sexlinks.com
O1 - Hosts: 10sek.com
O1 - Hosts: www.10sek.com
O1 - Hosts: www.1-2005-search.com
O1 - Hosts: 1-2005-search.com
O1 - Hosts: 123fporn.info
O1 - Hosts: 14356 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\***\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Copy Handler] File not found
O4 - HKLM..\Run: [EasyTuneVPro] C:\Program Files\Gigabyte\ET5Pro\ETcall.exe ()
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
O4 - HKLM..\Run: [Jomantha] C:\Program Files\n52te\n52teHid.exe (Razer USA Ltd.)
O4 - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe (Locktime Software)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician (Beta).lnk = C:\Program Files\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\***\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\Flash Capture\fciext.dll File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: kuaiche.com ([software] http in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: IJNetworkScanUtility - hkey= - key= - C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE (CANON INC.)
MsConfig - StartUpReg: Logitech Vid - hkey= - key= - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
MsConfig - StartUpReg: Mikogo - hkey= - key= - C:\Users\***\AppData\Roaming\Mikogo\Mikogo-Host.exe (Mikogo)
MsConfig - StartUpReg: MX Skype Recorder - hkey= - key= - C:\ProgramData\MXSkypeRecorder\MXSkypeRecorder.exe (Ammyy Group)
MsConfig - StartUpReg: Samsung SSD Magician - hkey= - key= - C:\Program Files\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
MsConfig - StartUpReg: Steam - hkey= - key= - D:\Program Files\Steam\steam.exe (Valve Corporation)
MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe ()
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

========== Files/Folders - Created Within 30 Days ==========
[2010.12.17 07:36:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.12.17 07:35:40 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010.12.17 07:25:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.17 07:24:44 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.17 07:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.17 07:24:25 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.17 07:24:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.12.17 07:22:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.15 09:47:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Copy Handler
[2010.12.15 09:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\Copy Handler
[2010.12.11 09:45:57 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1.02.21_WDLXTV.COM_WDLXTV_LIVE-
[2010.12.11 08:37:39 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1.02.21_WDLXTV.COM_EXT3-BOOT_LIVE-
[2010.12.11 07:48:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\1.02.21_WDLXTV.COM_WDLXTV_LIVE-
[2010.12.09 08:52:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RealWorld
[2010.12.09 08:52:09 | 000,000,000 | ---D | C] -- C:\Program Files\RealWorld Cursor Editor
[2010.12.07 22:09:18 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\The KMPlayer
[2010.12.07 22:08:23 | 000,000,000 | ---D | C] -- C:\Program Files\The KMPlayer
[2010.12.06 06:35:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM
[2010.12.05 20:49:49 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\SightSpeed Recordings
[2010.12.05 20:49:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\LogiShrd
[2010.12.05 20:48:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech
[2010.12.05 20:48:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\logishrd
[2010.12.05 20:48:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.12.05 20:48:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\LWS
[2010.12.05 20:46:36 | 000,000,000 | ---D | C] -- C:\Program Files\Enable Viacam
[2010.12.05 20:43:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\logishrd
[2010.12.03 09:21:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Workrave
[2010.12.03 06:39:41 | 000,000,000 | ---D | C] -- C:\totalcmd
[2010.12.03 06:39:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GHISLER
[2010.11.30 16:47:59 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2010.11.30 16:47:59 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2010.11.30 16:47:59 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2010.11.30 16:47:59 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2010.11.30 16:47:59 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2010.11.30 16:47:58 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2010.11.30 16:47:58 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2010.11.30 16:47:58 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2010.11.30 16:47:58 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2010.11.30 16:47:58 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2010.11.30 16:47:57 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2010.11.30 16:47:57 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2010.11.30 16:47:37 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010.11.30 04:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.11.30 04:34:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\TuneClone
[2010.11.30 04:34:20 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Music
[2010.11.30 04:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneClone
[2010.11.29 21:39:41 | 000,000,000 | ---D | C] -- C:\Program Files\WMCap
[2010.11.29 21:07:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sytexis Software
[2010.11.29 21:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Sytexis Software
[2010.11.29 21:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Video Recorder
[2010.11.26 10:24:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NVIDIA
[2010.11.24 09:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung SSD Magician
[2010.11.24 09:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2010.11.24 08:36:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Auslogics
[2010.11.24 08:36:20 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2010.11.23 09:07:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010.11.20 16:56:40 | 000,000,000 | ---D | C] -- C:\Program Files\WMR14
[2010.11.20 16:45:19 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Streaming Media
[2010.11.20 16:45:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Jaksta_Technologies_Pty_L
[2010.11.20 16:44:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Replay Media Catcher 4
[2010.11.20 16:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Applian Technologies
[2010.11.19 18:35:13 | 000,000,000 | ---D | C] -- C:\Users\***\Application Data

========== Files - Modified Within 30 Days ==========
[2010.12.17 07:53:26 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.17 07:53:26 | 000,014,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.17 07:50:09 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.17 07:50:09 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.17 07:50:09 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.17 07:50:09 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.17 07:46:14 | 000,024,944 | ---- | M] () -- C:\Windows\System32\drivers\GVTDrv.sys
[2010.12.17 07:45:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.17 07:45:44 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.17 07:43:56 | 000,000,020 | ---- | M] () -- C:\Users\***\defogger_reenable
[2010.12.17 07:35:41 | 000,000,869 | ---- | M] () -- C:\Users\***\Desktop\NTREGOPT.lnk
[2010.12.17 07:35:41 | 000,000,850 | ---- | M] () -- C:\Users\***\Desktop\ERUNT.lnk
[2010.12.17 07:27:58 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\defogger.exe
[2010.12.17 07:27:50 | 000,288,107 | ---- | M] () -- C:\Users\***\Desktop\Gmer.zip
[2010.12.17 07:24:44 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.17 07:16:28 | 000,471,560 | ---- | M] () -- C:\Users\***\Desktop\Load.exe
[2010.12.15 21:55:01 | 000,008,432 | ---- | M] () -- C:\Windows\System32\secustat.dat
[2010.12.15 17:34:44 | 000,042,896 | ---- | M] () -- C:\Users\***\Desktop\Mr__Magoriums_Wunderladen_10.12.14_20-15_vox_110_TVOON_DE.mpg.HQ.jpg
[2010.12.15 15:39:00 | 000,012,096 | ---- | M] () -- C:\Users\***\Desktop\105278.jpg
[2010.12.15 11:29:29 | 000,012,457 | ---- | M] () -- C:\Users\***\Desktop\Takers (2).jpg
[2010.12.15 09:53:55 | 000,007,532 | ---- | M] () -- C:\Users\***\Desktop\Ich.sehe.den.Mann.deiner.Traeume.jpg
[2010.12.15 09:47:28 | 000,000,932 | ---- | M] () -- C:\Users\***\Desktop\Copy Handler.lnk
[2010.12.15 09:37:54 | 000,094,636 | ---- | M] () -- C:\Windows\dropcpyr.dll
[2010.12.15 09:37:54 | 000,073,728 | ---- | M] () -- C:\Windows\copyfstq.exe
[2010.12.15 09:15:01 | 000,002,082 | ---- | M] () -- C:\Users\***\Desktop\Party EzCASH.lnk
[2010.12.15 07:31:09 | 000,291,984 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.13 15:27:07 | 000,003,021 | ---- | M] () -- C:\Users\***\Desktop\TableNinjaFT.lnk
[2010.12.10 21:03:31 | 000,015,088 | ---- | M] () -- C:\Users\***\Desktop\catsanddogs2.jpg
[2010.12.10 21:02:22 | 000,010,240 | ---- | M] () -- C:\Users\***\Desktop\Monsters.jpg
[2010.12.09 20:16:51 | 000,058,177 | ---- | M] () -- C:\Users\***\Desktop\Dexter.S05E11.720p.HDTV.x264-IMMERSE.de.srt
[2010.12.09 08:55:53 | 000,004,286 | ---- | M] () -- C:\Users\***\Desktop\Document0001.cur
[2010.12.09 08:52:10 | 000,003,105 | ---- | M] () -- C:\Users\***\Desktop\RealWorld Cursor Editor.lnk
[2010.12.09 08:51:30 | 006,876,160 | ---- | M] () -- C:\Users\***\Desktop\RWCursorEditor32_2009.1.msi
[2010.12.08 13:45:08 | 000,001,053 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.12.08 12:04:16 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.07 22:08:27 | 000,000,968 | ---- | M] () -- C:\Users\***\Desktop\KMPlayer.lnk
[2010.12.06 16:51:00 | 000,059,940 | ---- | M] () -- C:\Users\***\Desktop\Dexter.S05E11.HDTV.XviD-FEVER.srt
[2010.12.06 12:43:20 | 000,108,685 | ---- | M] () -- C:\Users\***\Desktop\ninja.jpg
[2010.12.05 20:49:08 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk
[2010.12.05 20:48:17 | 000,001,553 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk
[2010.12.05 20:46:39 | 000,001,058 | ---- | M] () -- C:\Users\***\Desktop\eViacam.lnk
[2010.12.05 17:51:23 | 000,007,792 | ---- | M] () -- C:\Users\***\Desktop\weihnact.jpg
[2010.12.05 10:19:30 | 000,001,460 | ---- | M] () -- C:\Users\***\Desktop\Advanced PLO Theory Volume 2 v3 printable secured.pdf - Verknüpfung.lnk
[2010.12.04 15:41:02 | 000,020,199 | ---- | M] () -- C:\Users\***\Desktop\since group coaching.JPG
[2010.12.03 13:09:52 | 000,000,218 | ---- | M] () -- C:\Users\***\.recently-used.xbel
[2010.12.03 09:01:56 | 000,001,142 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician (Beta).lnk
[2010.12.03 09:01:56 | 000,001,084 | ---- | M] () -- C:\Users\Public\Desktop\Samsung SSD Magician (Beta).lnk
[2010.12.03 07:07:55 | 000,253,098 | ---- | M] () -- C:\Users\***\Desktop\Ansky on Tilt.mp3
[2010.12.03 06:39:43 | 000,000,643 | ---- | M] () -- C:\Users\***\Desktop\Total Commander.lnk
[2010.12.03 06:29:50 | 000,001,918 | ---- | M] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk
[2010.11.30 16:47:59 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.11.30 16:47:59 | 000,001,945 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.11.30 04:10:22 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\Stars Modded.lnk
[2010.11.29 21:39:55
| 000,000,936 | ---- | M] () -- C:\Users\***\Desktop\WM Capture.lnk [2010.11.29 21:24:58 | 000,001,275 | ---- | M] () -- C:\Users\***\Desktop\Direct Stream Recorder.lnk [2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\UC.PIF [2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\RAR.PIF [2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKZIP.PIF [2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\PKUNZIP.PIF [2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\NOCLOSE.PIF [2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\LHA.PIF [2010.11.29 07:56:00 | 000,000,545 | ---- | M] () -- C:\Windows\ARJ.PIF [2010.11.28 10:13:42 | 000,006,928 | ---- | M] () -- C:\Users\***\Desktop\Der.letzte.Exorzismus.jpg [2010.11.28 10:11:43 | 000,012,457 | ---- | M] () -- C:\Users\***\Desktop\Takers.jpg [2010.11.24 08:35:56 | 222,903,195 | ---- | M] () -- C:\Users\***\Desktop\PLO on French Site .wmv [2010.11.23 11:47:12 | 000,000,215 | ---- | M] () -- C:\Users\***\Desktop\R.U.S.E.url [2010.11.23 11:34:36 | 000,000,687 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010.11.22 14:25:17 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2010.11.21 11:57:56 | 000,012,982 | ---- | M] () -- C:\Users\***\Documents\Time_Template.odt [2010.11.21 11:57:56 | 000,000,101 | -H-- | M] () -- C:\Users\***\Documents\.~lock.Time_Template.odt# [2010.11.20 21:49:24 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.11.20 17:05:29 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\WM Converter.lnk [2010.11.20 17:05:29 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\WM Recorder 14.lnk [2010.11.20 16:44:10 | 000,002,637 | 
---- | M] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk [2010.11.20 15:58:42 | 000,003,017 | ---- | M] () -- C:\Users\***\Desktop\TableNinja.lnk [2010.11.19 18:44:13 | 018,199,736 | ---- | M] () -- C:\Users\***\Desktop\MJH vs WMS.flv [2010.11.19 18:23:53 | 000,008,192 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== Files Created - No Company Name ========== [2010.12.17 07:48:05 | 000,296,448 | ---- | C] () -- C:\Users\***\Desktop\gmer.exe [2010.12.17 07:43:38 | 000,000,020 | ---- | C] () -- C:\Users\***\defogger_reenable [2010.12.17 07:35:41 | 000,000,869 | ---- | C] () -- C:\Users\***\Desktop\NTREGOPT.lnk [2010.12.17 07:35:41 | 000,000,850 | ---- | C] () -- C:\Users\***\Desktop\ERUNT.lnk [2010.12.17 07:24:44 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.12.17 07:22:47 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\defogger.exe [2010.12.17 07:22:40 | 000,288,107 | ---- | C] () -- C:\Users\***\Desktop\Gmer.zip [2010.12.17 07:16:27 | 000,471,560 | ---- | C] () -- C:\Users\***\Desktop\Load.exe [2010.12.15 17:34:44 | 000,042,896 | ---- | C] () -- C:\Users\***\Desktop\Mr__Magoriums_Wunderladen_10.12.14_20-15_vox_110_TVOON_DE.mpg.HQ.jpg [2010.12.15 15:39:00 | 000,012,096 | ---- | C] () -- C:\Users\***\Desktop\105278.jpg [2010.12.15 11:29:29 | 000,012,457 | ---- | C] () -- C:\Users\***\Desktop\Takers (2).jpg [2010.12.15 09:53:55 | 000,007,532 | ---- | C] () -- C:\Users\***\Desktop\Ich.sehe.den.Mann.deiner.Traeume.jpg [2010.12.15 09:47:28 | 000,000,932 | ---- | C] () -- C:\Users\***\Desktop\Copy Handler.lnk [2010.12.15 09:37:54 | 000,094,636 | ---- | C] () -- C:\Windows\dropcpyr.dll [2010.12.15 09:37:54 | 000,073,728 | ---- | C] () -- C:\Windows\copyfstq.exe [2010.12.15 08:06:59 | 000,058,177 | ---- | C] () -- C:\Users\***\Desktop\Dexter.S05E11.720p.HDTV.x264-IMMERSE.de.srt [2010.12.10 21:03:31 | 000,015,088 | ---- | C] () -- 
C:\Users\***\Desktop\catsanddogs2.jpg [2010.12.10 21:02:22 | 000,010,240 | ---- | C] () -- C:\Users\***\Desktop\Monsters.jpg [2010.12.09 14:59:28 | 000,059,940 | ---- | C] () -- C:\Users\***\Desktop\Dexter.S05E11.HDTV.XviD-FEVER.srt [2010.12.09 08:55:53 | 000,004,286 | ---- | C] () -- C:\Users\***\Desktop\Document0001.cur [2010.12.09 08:52:10 | 000,003,105 | ---- | C] () -- C:\Users\***\Desktop\RealWorld Cursor Editor.lnk [2010.12.09 08:51:07 | 006,876,160 | ---- | C] () -- C:\Users\***\Desktop\RWCursorEditor32_2009.1.msi [2010.12.08 13:45:08 | 000,001,053 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk [2010.12.07 22:08:27 | 000,000,968 | ---- | C] () -- C:\Users\***\Desktop\KMPlayer.lnk [2010.12.06 12:38:51 | 000,108,685 | ---- | C] () -- C:\Users\***\Desktop\ninja.jpg [2010.12.05 20:49:08 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Vid HD.lnk [2010.12.05 20:48:17 | 000,001,553 | ---- | C] () -- C:\Users\Public\Desktop\Logitech Webcam Software .lnk [2010.12.05 20:46:39 | 000,001,058 | ---- | C] () -- C:\Users\***\Desktop\eViacam.lnk [2010.12.05 17:51:23 | 000,007,792 | ---- | C] () -- C:\Users\***\Desktop\weihnact.jpg [2010.12.05 10:19:30 | 000,001,460 | ---- | C] () -- C:\Users\***\Desktop\Advanced PLO Theory Volume 2 v3 printable secured.pdf - Verknüpfung.lnk [2010.12.04 15:41:01 | 000,020,199 | ---- | C] () -- C:\Users\***\Desktop\since group coaching.JPG [2010.12.03 13:09:52 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.12.03 09:01:56 | 000,001,142 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician (Beta).lnk [2010.12.03 09:01:56 | 000,001,084 | ---- | C] () -- C:\Users\Public\Desktop\Samsung SSD Magician (Beta).lnk [2010.12.03 07:07:55 | 000,253,098 | ---- | C] () -- C:\Users\***\Desktop\Ansky on Tilt.mp3 [2010.12.03 06:39:43 | 000,000,643 | ---- | C] () -- 
C:\Users\***\Desktop\Total Commander.lnk [2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF [2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF [2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF [2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF [2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF [2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF [2010.12.03 06:39:41 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF [2010.12.03 06:29:50 | 000,001,918 | ---- | C] () -- C:\Users\***\Desktop\Mozilla Firefox.lnk [2010.11.30 16:47:59 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax [2010.11.30 16:47:59 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk [2010.11.30 16:47:59 | 000,001,945 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk [2010.11.30 16:47:58 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax [2010.11.30 16:47:58 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax [2010.11.30 16:47:58 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax [2010.11.30 16:47:57 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax [2010.11.30 16:47:57 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax [2010.11.30 16:47:57 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax [2010.11.30 16:47:57 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax [2010.11.29 21:39:55 | 000,000,936 | ---- | C] () -- C:\Users\***\Desktop\WM Capture.lnk [2010.11.29 21:24:58 | 000,001,275 | ---- | C] () -- C:\Users\***\Desktop\Direct Stream Recorder.lnk [2010.11.28 10:13:42 | 000,006,928 | ---- | C] () -- C:\Users\***\Desktop\Der.letzte.Exorzismus.jpg [2010.11.28 10:11:43 | 000,012,457 | ---- | C] () -- C:\Users\***\Desktop\Takers.jpg [2010.11.24 08:27:47 | 222,903,195 | ---- | C] () -- C:\Users\***\Desktop\PLO on French Site .wmv [2010.11.23 
11:47:12 | 000,000,215 | ---- | C] () -- C:\Users\***\Desktop\R.U.S.E.url [2010.11.23 09:07:36 | 000,000,687 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2010.11.21 11:57:01 | 000,000,101 | -H-- | C] () -- C:\Users\***\Documents\.~lock.Time_Template.odt# [2010.11.20 16:56:46 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\WM Converter.lnk [2010.11.20 16:56:46 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\WM Recorder 14.lnk [2010.11.20 16:44:10 | 000,002,637 | ---- | C] () -- C:\Users\Public\Desktop\Replay Media Catcher 4.lnk [2010.11.20 15:58:42 | 000,003,017 | ---- | C] () -- C:\Users\***\Desktop\TableNinja.lnk [2010.11.19 18:41:18 | 018,199,736 | ---- | C] () -- C:\Users\***\Desktop\MJH vs WMS.flv [2010.11.10 02:45:30 | 010,871,128 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010.11.10 02:45:20 | 000,316,248 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010.11.10 02:31:42 | 000,026,286 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2010.10.25 08:30:43 | 000,010,752 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll [2010.10.08 19:13:44 | 000,008,192 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.08.18 07:40:06 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.06.16 08:17:25 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL [2010.06.13 09:38:20 | 000,087,040 | ---- | C] () -- C:\Windows\System32\TrayIcon12.dll [2010.06.13 09:38:20 | 000,061,952 | ---- | C] () -- C:\Windows\System32\ajnetmask.dll [2010.06.13 05:48:04 | 000,000,045 | ---- | C] () -- C:\Users\***\AppData\Local\machpro.dat [2010.06.12 23:20:27 | 000,024,944 | ---- | C] () -- C:\Windows\System32\drivers\GVTDrv.sys [2010.06.12 23:10:51 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI [2010.06.12 21:11:28 | 000,067,462 | ---- | C] () -- C:\Program Files\hminstalllog.txt [2010.06.12 20:05:13 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2010.06.12 17:54:30 | 
000,048,896 | ---- | C] () -- C:\Windows\System32\drivers\JmtFltr.sys [2010.06.12 17:16:44 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll [2010.06.12 17:11:41 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2010.05.07 18:46:36 | 000,014,168 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll [2010.05.07 18:43:30 | 000,025,824 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2000.02.11 08:47:38 | 000,003,120 | ---- | C] () -- C:\Windows\TMN211G.ini ========== LOP Check ========== [2010.08.09 08:14:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis [2010.11.24 08:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Auslogics [2010.12.16 07:51:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\BITS [2010.06.14 13:35:52 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2010.09.08 07:34:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2010.06.12 20:54:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGet [2010.06.12 20:04:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FlashGetBHO [2010.10.05 14:32:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN [2010.12.03 06:39:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GHISLER [2010.08.29 20:17:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.12.16 18:05:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HEM Data [2010.06.19 17:23:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ImgBurn [2010.06.15 16:18:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\innoPlus [2010.12.05 20:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2010.10.05 15:11:02 | 000,000,000 | ---D | 
M] -- C:\Users\***\AppData\Roaming\MagicMaps [2010.10.09 14:48:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mikogo [2010.06.22 08:06:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag [2010.10.10 11:17:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\n52te [2010.06.15 16:36:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2010.08.29 20:21:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\postgresql [2010.11.20 16:45:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Replay Media Catcher 4 [2010.11.29 21:24:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sytexis Software [2010.10.08 19:23:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2010.12.15 09:30:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeraCopy [2010.06.12 20:01:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ThumbGen [2010.06.12 20:45:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2010.12.03 13:28:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Workrave [2010.09.20 08:16:30 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat [2009.07.14 02:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr [2010.06.12 18:03:26 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK [2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys [2010.12.17 07:45:44 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys [2010.06.12 17:16:55 | 000,000,190 | ---- | M] () -- C:\Install.log [2010.12.17 07:45:45 | 3488,079,872 | -HS- | M] () -- C:\pagefile.sys [2010.10.08 22:18:57 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2010.06.12 17:15:15 | 000,001,841 | ---- | M] () -- C:\RHDSetup.log < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < 
%systemroot%\Fonts\*.com > [2009.07.14 05:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009.07.14 05:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009.07.14 05:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009.07.14 05:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009.06.10 22:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\spool\prtprocs\w32x86\*.* > [2008.10.09 04:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9D.DLL [2008.10.09 04:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9D.DLL [2009.07.14 02:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll [2009.07.14 02:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll < %systemroot%\REPAIR\*.bak1 > < %systemroot%\REPAIR\*.ini > < %systemroot%\system32\*.jpg > < %systemroot%\*.scr > [2010.02.14 01:52:34 | 000,240,128 | ---- | M] (Realtime Soft Ltd) -- C:\Windows\UltraMon.scr < %systemroot%\*._sy > < %APPDATA%\Adobe\Update\*.* > < %ALLUSERSPROFILE%\Favorites\*.* > < %APPDATA%\Microsoft\*.* > < %PROGRAMFILES%\*.* > [2009.07.14 05:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini [2010.06.12 21:11:28 | 000,067,462 | ---- | M] () -- C:\Program Files\hminstalllog.txt < %APPDATA%\Update\*.* > < %systemroot%\*. 
/mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\user32.dll /md5 > [2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2009.07.14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009.07.14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll < MD5 for: EXPLORER.EXE > [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: 
WININIT.EXE >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-12-17 06:03:04

========== Alternate Data Streams ==========

@Alternate Data Stream - 741 bytes -> C:\Users\***\Desktop\765E4C1D-00000052.eml:OECustomProperty
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:0B174FAE

< End of report >

OTL Logfile:
Code:
OTL Extras logfile created on: 17.12.2010 08:09:07 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Public\Desktop\MFtools
An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 61,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,24 Gb Total Space | 54,23 Gb Free Space | 45,47% Space Free | Partition Type: NTFS
Drive D: | 1863,01 Gb Total Space | 1337,57 Gb Free Space | 71,80% Space Free | Partition Type: NTFS
Drive Z: | 931,51 Gb Total Space | 518,16 Gb Free Space | 55,63% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe" = C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe:*:Enabled:Flashget3 -- (Trend Media Corporation Limited)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0AC8162B-5175-41D7-B963-8307A40BD456}" = n52te Editor
"{0CA1C412-6716-40E8-B033-006002E7F7EC}" = MagicMaps Support und Update Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP620_series" = Canon MP620 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician (Beta)
"{2F083216-8203-4E94-8C7C-EDF1C91D037D}" = RealWorld Cursor Editor
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31B5B620-CA8A-4F99-A64E-7DDB3D1BBB69}_is1" = appleJuice Client
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{414A373B-59DF-4102-94CA-9FE9A74CBDDA}" = Garmin Trip and Waypoint Manager v5
"{41B02081-FE64-4DB9-83F0-F5D15EBF8FF9}" = Replay Media Catcher 4
"{4767E0D4-05E9-4EC2-AD78-7AE1680D602C}" = Snowie Version 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C24A8C1-7CFA-4650-AF15-732F5BD7B46D}" = Macromedia Fireworks 8
"{5049FE6D-46A4-4BA4-B9A9-6406AFAAB60D}" = TableNinja
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5B48A8D9-D1AD-4424-BD4D-E462737099DF}" = SportTracks 3.0
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5EF44D3A-E86E-434C-8418-71E277C565DF}" = TP-LINK Wireless Client Utility
"{655B0665-7688-4269-B5B0-EC2D8F62D8B7}" = MagicMaps Tour Explorer Deutschland
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{80F19EAA-44C4-47C2-AE87-1C7628E858D6}" = Logitech Harmony Remote Software 7
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8E7C9790-9804-44E9-8B50-34D5F448570B}" = MagicMaps Hessen Rheinland-Pfalz Saarland 3.0
"{913923AB-3AAB-4870-8910-627C4CD82789}" = NetLimiter 3
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CF6A157-F0E8-4216-B229-C0CA8204BE2C}_is1" = Copy Handler 1.32Final
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A5049F43-18B8-4984-9B98-FE701B0D2526}" = Camtasia Studio 5
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch "{B1102A25-3AA3-446B-AA0F-A699B07A02FD}" = Garmin USB Drivers "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{B49673F8-7AB6-4A14-8213-C8A7BE370010}" = UltraMon "{B823632F-3B72-4514-8861-B961CE263224}" = PostgreSQL 8.3 "{B96DB037-DBEA-4186-9081-9CBD537F82E8}" = 3D-Viewer-innoPlus "{BF2FC5F6-EC88-4CA5-BD83-DC6613FD077D}_is1" = Enable Viacam 1.4 "{C1DEC47C-0C5A-499F-B5A8-7CB516CB2B48}" = TableNinjaFT "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software "{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag "{E0783143-EAE2-4047-A8D6-E155523C594C}" = Garmin WebUpdater "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "45A7283175C62FAC673F913C1F532C5361F97841" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (03/08/2007 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "AutoHotkey" = AutoHotkey "Avira AntiVir Desktop" = Avira Premium Security Suite "Bestpoker Classic_is1" = Bestpoker Classic "Camtasia Studio 3" = Camtasia Studio 3 "Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility "Canon_IJ_Network_UTILITY" = Canon IJ Network Tool "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "EasyTune5Pro" = EasyTune5Pro "ERUNT_is1" = 
ERUNT 1.1j "FlashGet 3.3" = FlashGet 3.3 "HD Tune_is1" = HD Tune 2.55 "Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete "HoldemManager" = Holdem Manager "ImgBurn" = ImgBurn "Linksys Wireless Manager" = Linksys Wireless Manager "Logitech Vid" = Logitech Vid HD "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaInfo" = MediaInfo 0.7.35 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mikogo" = Mikogo "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4) "MP Navigator EX 2.0" = Canon MP Navigator EX 2.0 "mp3splt-gtk" = mp3splt-gtk "Mp3tag" = Mp3tag v2.46a "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Party EzCASH Card Mod - Yellow Spades Modern Party Layout" = Party EzCASH Card Mod - Yellow Spades Modern Party Layout "Party EzCASH Registered" = Party EzCASH Registered "PartyPoker" = PartyPoker "PokerStars" = PokerStars "Revo Uninstaller" = Revo Uninstaller 1.88 "StarCraft II" = StarCraft II "Steam App 21970" = R.U.S.E "SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010) "TeamViewer 5" = TeamViewer 5 "The KMPlayer" = The KMPlayer (remove only) "Totalcmd" = Total Commander (Remove or Repair) "Trackbuster" = Trackbuster GUI "TrueMoneyGames" = TrueMoneyGames 6.3 "UltraISO_is1" = UltraISO Premium V9.36 "VLC media player" = VLC media player 1.1.0 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "WM Capture" = WM Capture "WM Recorder" = WM Recorder ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "FreePHG V3.05" = FreePHG V3.05 "FreePHG V3.06" = FreePHG V3.06 "HHLoader" = HHLoader "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 
Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
| #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
Hello and
Quote:
Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!
| #3 |
In the meantime I have uninstalled AVIRA and reinstalled it. That has fixed the problem for now. Maybe someone could still take a look at the logs anyway...
Quote:
| #4 |
/// Winkelfunktion /// TB-Süch-Tiger™
Then please run CF now: ComboFix
A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________
Please always post log files in CODE tags
| #5 |
After I started cofi last night, the message "Versuche, einen neuen Systemwiederherstellungspunkt zu erstellen" was all there was to read for the last hour before I went to bed. Just now I woke up, the screen is black, only the cursor is visible, but it cannot be moved... Should I now just press the button and restart?
| #6 |
OK, I just went ahead and restarted. Everything seems to be running. But unfortunately I cannot find C:\ComboFix.txt...
| #7 |
/// Winkelfunktion /// TB-Süch-Tiger™
Please run CF again.