Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Browsergames ruckeln solange svchost.exe läuft (https://www.trojaner-board.de/87430-browsergames-ruckeln-solange-svchost-exe-laeuft.html)

batZen 21.06.2010 15:46
Browsergames ruckeln solange svchost.exe läuft
 
Hallo,

ich habe ein problem und zwar solange eine svchost.exe läuft die ca. 130mb ram verbraucht ruckelt die browser games. Kille ich diesen prozess läuft alles normal.... Problem ist der Prozess startet nach kurzer Zeit direkt wieder, deshalb habe ich nen HiJack log angefertigt

HiJackthis Logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:32, on 21.06.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
F:\Programme\NAV\Engine\17.7.0.12\ccSvcHst.exe
E:\Fraps\fraps.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Windows\SysWOW64\rundll32.exe
F:\Programme\WhatPulse\WhatPulse.exe
F:\Programme\Acronis True Image\TrueImageMonitor.exe
F:\Programme\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
F:\Programme\Xfire\Xfire.exe
C:\Windows\system\Cm106eye.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
E:\Firefox\firefox.exe
F:\Programme\Ad-Aware\Ad-Aware.exe
F:\Programme\Ad-Aware\AAWTray.exe
C:\Users\xxx\AppData\Local\Temp\7zO2B53.tmp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\Programme\NAV\Engine\17.7.0.12\IPSBHO.DLL
O4 - HKLM\..\Run: [TrueImageMonitor.exe] F:\Programme\Acronis True Image\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "F:\Programme\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKCU\..\Run: [WhatPulse] F:\Programme\WhatPulse\WhatPulse.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Logitech blank Produktregistrierung.lnk = F:\Programme\Logitech\G35\eReg.exe
O4 - Startup: Xfire.lnk = F:\Programme\Xfire\Xfire.exe
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvlsp.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASP.NET-Zustandsdienst (aspnet_state) - Unknown owner - C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - F:\Programme\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - F:\Programme\NAV\Engine\17.7.0.12\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O CleverCache  (O&O CleverCache) - O&O Software GmbH - E:\OO\CleverCache\ooccag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9193 bytes
--- --- ---

cosinus 21.06.2010 22:02
Hallo und :hallo:

bitte nen Vollscan mit malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

batZen 22.06.2010 19:19
Code:
OTL logfile created on: 22.06.2010 20:11:22 - Run 1
OTL by OldTimer - Version 3.2.6.1    Folder = C:\Users\ajenderny\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 65,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,09 Gb Total Space | 79,20 Gb Free Space | 67,64% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 46,06 Gb Free Space | 78,61% Space Free | Partition Type: NTFS
Drive E: | 90,45 Gb Total Space | 84,24 Gb Free Space | 93,13% Space Free | Partition Type: NTFS
Drive F: | 224,61 Gb Total Space | 211,65 Gb Free Space | 94,23% Space Free | Partition Type: NTFS
Drive G: | 589,73 Gb Total Space | 517,34 Gb Free Space | 87,73% Space Free | Partition Type: NTFS
Drive H: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
 
Computer Name: WORKSTATION
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\ajenderny\Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Programme\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - F:\Programme\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - F:\Programme\Xfire\Xfire.exe (Xfire Inc.)
PRC - D:\Herr der Ringe online\lotroclient.exe (Turbine, Inc.)
PRC - C:\Windows\SysWOW64\Ctxfihlp.exe (Creative Technology Ltd)
PRC - C:\Windows\SysWOW64\CTxfispi.exe (Creative Technology Ltd)
PRC - F:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - E:\Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
PRC - F:\Programme\NAV\Engine\17.7.0.12\ccsvchst.exe (Symantec Corporation)
PRC - D:\Herr der Ringe online\TurbineLauncher.exe (Turbine, Inc.)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - F:\Programme\WhatPulse\WhatPulse.exe (WhatPulse.org)
PRC - C:\Windows\system\cm106eye.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\ajenderny\Downloads\OTL.exe (OldTimer Tools)
MOD - F:\Programme\Xfire\xfire_toucan_42784.dll (Xfire Inc.)
MOD - C:\Windows\SysWOW64\wsock32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msvcr71.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (Lavasoft Ad-Aware Service) -- F:\Programme\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (Boonty Games) -- C:\Program Files (x86)\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (NAV) -- F:\Programme\NAV\Engine\17.7.0.12\ccSvcHst.exe (Symantec Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (O&O CleverCache) -- E:\OO\CleverCache\ooccag.exe (O&O Software GmbH)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\symtdiv.sys (Symantec Corporation)
DRV:64bit: - (ha20x2k) -- C:\Windows\SysNative\drivers\ha20x2k.sys (Creative Technology Ltd)
DRV:64bit: - (emupia) -- C:\Windows\SysNative\drivers\emupia2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctsfm2k) -- C:\Windows\SysNative\drivers\ctsfm2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctprxy2k) -- C:\Windows\SysNative\drivers\ctprxy2k.sys (Creative Technology Ltd)
DRV:64bit: - (ossrv) -- C:\Windows\SysNative\drivers\ctoss2k.sys (Creative Technology Ltd.)
DRV:64bit: - (ctaud2k) Creative Audio Driver (WDM) -- C:\Windows\SysNative\drivers\ctaud2k.sys (Creative Technology Ltd)
DRV:64bit: - (ctac32k) -- C:\Windows\SysNative\drivers\ctac32k.sys (Creative Technology Ltd)
DRV:64bit: - (CTEXFIFX.SYS) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTEXFIFX) -- C:\Windows\SysNative\drivers\CTEXFIFX.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT.SYS) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CTHWIUT) -- C:\Windows\SysNative\drivers\CTHWIUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT.SYS) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (CT20XUT) -- C:\Windows\SysNative\drivers\CT20XUT.sys (Creative Technology Ltd.)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (ccHP) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\cchpx64.sys (Symantec Corporation)
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258) -- C:\Windows\SysNative\drivers\tdrpm258.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NAVx64\1107000.00C\symds64.sys (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Electronics Inc)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (fxusbase) -- C:\Windows\SysNative\drivers\fxusbase.sys (AVM Berlin)
DRV:64bit: - (AVMCOWAN) -- C:\Windows\SysNative\drivers\avmcowan.sys (AVM GmbH)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\IPSDefs\20100617.005\IDSviA64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\BASHDefs\20100522.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100622.003\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\Definitions\VirusDefs\20100622.003\ENG64.SYS (Symantec Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F8 77 09 E5 94 0D CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.8
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.87
FF - prefs.js..extensions.enabledItems: remove-new-tab-button@forerunnerdesigns.com:1.0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_17.1.0.19\IPSFFPlgn\ [2010.05.26 17:00:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: E:\Firefox\components [2010.05.12 17:34:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: E:\Firefox\plugins [2010.06.19 13:07:53 | 000,000,000 | ---D | M]
 
[2009.12.26 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\ajenderny\AppData\Roaming\mozilla\Extensions
[2010.06.21 21:14:21 | 000,000,000 | ---D | M] -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions
[2010.06.13 10:32:22 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.04.14 16:53:40 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}
[2010.05.18 16:56:59 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.12 23:27:24 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2009.12.26 18:21:14 | 000,000,000 | ---D | M] -- C:\Users\ajenderny\AppData\Roaming\mozilla\Firefox\Profiles\m2schqxl.default\extensions\remove-new-tab-button@forerunnerdesigns.com
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\Programme\NAV\Engine\17.7.0.12\ipsbho.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant]  File not found
O4:64bit: - HKLM..\Run: [Cm106Sound] C:\Windows\Syswow64\cm106.DLL (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ooccctrl.exe] E:\OO\CleverCache\ooccctrl.exe (O&O Software GmbH)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Razer Imperator Driver] C:\Program Files (x86)\Razer\Imperator\RazerImperatorTray.exe (Razer USA Ltd)
O4 - HKCU..\Run: [WhatPulse] F:\Programme\WhatPulse\WhatPulse.exe (WhatPulse.org)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] F:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\ajenderny\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = F:\Programme\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - H:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - H:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - H:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{705b0190-f21c-11de-8e31-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{705b0190-f21c-11de-8e31-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.22 19:54:46 | 000,000,000 | ---D | C] -- C:\Users\ajenderny\AppData\Roaming\Malwarebytes
[2010.06.22 19:54:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.22 19:54:33 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.22 19:54:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.22 19:38:15 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.06.22 19:38:14 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.06.22 19:36:45 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.06.22 19:36:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.06.22 19:36:41 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.06.21 16:27:20 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.06.21 16:27:16 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.06.21 16:24:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.06.21 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.06.19 16:33:07 | 004,967,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.06.19 16:33:07 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.06.19 16:33:07 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.06.19 16:33:07 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.06.19 16:33:05 | 021,662,312 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.06.19 16:33:05 | 015,764,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.06.19 16:33:05 | 003,184,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll
[2010.06.19 16:33:05 | 002,890,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll
[2010.06.19 16:33:05 | 000,405,608 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010.06.19 16:33:05 | 000,332,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010.06.19 16:33:03 | 012,338,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.06.19 16:33:03 | 009,712,744 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010.06.19 16:33:03 | 002,867,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.06.19 16:33:03 | 002,632,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.06.19 16:33:03 | 002,291,304 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.06.19 16:33:03 | 002,145,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.06.19 16:33:02 | 014,511,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.06.19 16:33:02 | 010,263,144 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.06.19 16:33:02 | 006,065,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.06.19 16:33:02 | 004,513,384 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.06.19 16:33:02 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1921.dll
[2010.06.19 16:33:02 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.06.19 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Eumex 400
[2010.06.19 13:04:45 | 000,000,000 | ---D | C] -- C:\Users\ajenderny\AppData\Roaming\Eumex 400
[2010.06.19 13:04:26 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2010.06.19 13:04:26 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010.06.19 13:04:26 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71DEU.DLL
[2010.06.19 13:04:26 | 000,031,232 | ---- | C] (AVM Berlin GmbH) -- C:\Windows\SysWow64\I2errDeu.dll
[2010.06.19 13:04:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Eumex 400
[2010.06.19 13:03:50 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2010.06.12 02:19:32 | 000,000,000 | ---D | C] -- C:\Users\ajenderny\AppData\Local\ElevatedDiagnostics
[2010.06.09 16:53:10 | 000,000,000 | ---D | C] -- C:\Users\ajenderny\AppData\Roaming\VistaAudio
[2010.06.09 16:49:25 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.06.09 16:49:25 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.06.09 16:49:25 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.06.09 16:49:25 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.06.09 16:44:15 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\COMDLG32.OCX
[2010.06.09 16:44:14 | 001,409,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.004
[2010.06.09 16:44:14 | 000,598,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.000
[2010.06.09 16:44:14 | 000,164,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.001
[2010.06.09 16:44:14 | 000,147,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.002
[2010.06.09 16:44:14 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\temp.003
[2010.06.08 16:22:25 | 008,151,040 | ---- | C] (C-Media Corporation) -- C:\Windows\SysWow64\CM106.dll
[2010.06.08 16:22:25 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpa106.dll
[2010.06.08 16:22:21 | 000,524,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2010.06.08 16:22:13 | 001,307,648 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10664.sys
[2010.06.08 16:22:13 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\fltr106.dll
[2010.06.07 17:21:02 | 015,282,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010.06.07 17:21:02 | 001,691,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010.06.07 17:21:02 | 001,448,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010.06.07 17:21:02 | 000,116,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010.06.01 18:32:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2010.05.31 18:31:01 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.05.31 18:19:17 | 000,255,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1920.dll
[2010.05.05 16:53:36 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.22 20:13:41 | 002,097,152 | -HS- | M] () -- C:\Users\ajenderny\NTUSER.DAT
[2010.06.22 19:54:37 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.22 19:38:26 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.22 19:23:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.21 22:49:33 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-60021102}.rfx
[2010.06.21 22:49:33 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000005-60021102}.rfx
[2010.06.21 22:49:33 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000005-60021102}.rfx
[2010.06.21 22:26:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.21 22:26:05 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.21 22:24:48 | 001,501,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.21 22:24:48 | 000,654,096 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.21 22:24:48 | 000,615,760 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.21 22:24:48 | 000,130,952 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.21 22:24:48 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.21 22:18:49 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.21 22:18:36 | 2145,492,991 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.21 22:17:19 | 003,386,226 | -H-- | M] () -- C:\Users\ajenderny\AppData\Local\IconCache.db
[2010.06.21 20:22:56 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.06.21 20:22:56 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.06.21 20:22:56 | 000,123,480 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.06.21 20:22:56 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.06.21 20:22:56 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2010.06.21 16:27:08 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010.06.21 16:26:38 | 000,069,152 | ---- | M] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.06.21 16:26:17 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.06.21 16:24:44 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.19 13:04:32 | 000,001,018 | ---- | M] () -- C:\Users\Public\Desktop\Konfigurator Eumex 400.lnk
[2010.06.13 17:26:56 | 000,000,952 | ---- | M] () -- C:\Windows\Cm106.ini.imi
[2010.06.12 11:02:25 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2010.06.12 11:02:25 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.06.09 17:09:24 | 000,266,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.06.08 16:25:27 | 000,000,489 | ---- | M] () -- C:\Windows\Cm106.ini.cfl
[2010.06.08 16:25:26 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2010.06.08 16:25:18 | 000,000,087 | ---- | M] () -- C:\Windows\System\Cm106.ini
[2010.06.08 01:58:00 | 021,662,312 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.06.08 01:58:00 | 015,764,072 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.06.08 01:58:00 | 014,511,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.06.08 01:58:00 | 012,338,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.06.08 01:58:00 | 010,263,144 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.06.08 01:58:00 | 009,712,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010.06.08 01:58:00 | 006,824,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2010.06.08 01:58:00 | 006,065,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.06.08 01:58:00 | 004,967,528 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.06.08 01:58:00 | 004,513,384 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.06.08 01:58:00 | 003,184,744 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvencodemft.dll
[2010.06.08 01:58:00 | 002,890,856 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvencodemft.dll
[2010.06.08 01:58:00 | 002,867,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.06.08 01:58:00 | 002,632,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.06.08 01:58:00 | 002,291,304 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.06.08 01:58:00 | 002,145,896 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.06.08 01:58:00 | 001,994,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2010.06.08 01:58:00 | 001,592,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.06.08 01:58:00 | 000,405,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010.06.08 01:58:00 | 000,332,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010.06.08 01:58:00 | 000,255,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1921.dll
[2010.06.08 01:58:00 | 000,255,592 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.06.08 01:58:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.06.08 01:58:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.06.08 01:58:00 | 000,012,507 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010.06.08 01:58:00 | 000,011,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.06.07 17:21:02 | 015,282,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2010.06.07 17:21:02 | 001,691,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2010.06.07 17:21:02 | 001,448,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2010.06.07 17:21:02 | 000,116,328 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2010.06.01 19:03:34 | 000,001,854 | ---- | M] () -- C:\Users\ajenderny\AppData\Roaming\ImperatorProfile0.dat
[2010.06.01 18:37:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf
[2010.06.01 18:35:30 | 000,058,032 | ---- | M] () -- C:\Users\ajenderny\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.28 02:09:00 | 000,041,872 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.28 02:09:00 | 000,027,536 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
[2010.05.27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.05.27 08:34:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.05.27 06:11:32 | 000,366,080 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.05.27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
 
========== Files Created - No Company Name ==========
 
[2010.06.22 19:54:37 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.22 19:38:26 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.06.21 17:47:27 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010.06.21 16:24:44 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.06.19 13:04:32 | 000,001,018 | ---- | C] () -- C:\Users\Public\Desktop\Konfigurator Eumex 400.lnk
[2010.06.08 16:22:25 | 000,787,456 | ---- | C] () -- C:\Windows\SysNative\Cmeau106.exe
[2010.06.08 16:22:25 | 000,491,520 | ---- | C] () -- C:\Windows\System\cmau106.dll
[2010.06.08 16:22:25 | 000,389,120 | ---- | C] () -- C:\Windows\SysNative\CM106.cpl
[2010.06.08 16:22:25 | 000,221,184 | ---- | C] () -- C:\Windows\System\cm106eye.exe
[2010.06.08 16:22:25 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2010.06.08 16:22:25 | 000,010,134 | ---- | C] () -- C:\Windows\cmeau106.ico
[2010.06.08 16:22:25 | 000,000,489 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2010.06.08 16:22:25 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2010.06.08 16:22:21 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2010.06.08 16:22:21 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2010.06.08 16:22:21 | 000,000,952 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2010.06.08 16:22:21 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2010.06.08 16:22:21 | 000,000,087 | ---- | C] () -- C:\Windows\System\Cm106.ini
[2010.06.01 18:43:14 | 000,001,854 | ---- | C] () -- C:\Users\ajenderny\AppData\Roaming\ImperatorProfile0.dat
[2010.06.01 18:37:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_WinUsb_01005.Wdf
[2010.05.28 02:09:00 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.05.28 02:09:00 | 000,027,536 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2010.05.05 17:34:20 | 000,027,039 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.05.05 16:51:04 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2009.12.26 18:35:57 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.12.26 18:35:57 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.12.26 18:35:25 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2009.12.26 16:57:04 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.03 22:00:28 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.05.26 19:56:08 | 000,000,297 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2009.04.15 15:04:38 | 000,104,520 | ---- | C] () -- C:\Windows\SysWow64\OSD.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5C321E34
< End of report >
Code:
OTL Extras logfile created on: 22.06.2010 20:11:22 - Run 1
OTL by OldTimer - Version 3.2.6.1    Folder = C:\Users\ajenderny\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 65,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 117,09 Gb Total Space | 79,20 Gb Free Space | 67,64% Space Free | Partition Type: NTFS
Drive D: | 58,59 Gb Total Space | 46,06 Gb Free Space | 78,61% Space Free | Partition Type: NTFS
Drive E: | 90,45 Gb Total Space | 84,24 Gb Free Space | 93,13% Space Free | Partition Type: NTFS
Drive F: | 224,61 Gb Total Space | 211,65 Gb Free Space | 94,23% Space Free | Partition Type: NTFS
Drive G: | 589,73 Gb Total Space | 517,34 Gb Free Space | 87,73% Space Free | Partition Type: NTFS
Drive H: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded
 
Computer Name: WORKSTATION
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{109945A8-D8D5-48B8-B4A5-195D3F99B56D}" = Logitech GamePanel Software 3.04.143
"{23170F69-40C1-2702-0910-000001000000}" = 7-Zip 9.10 (x64 edition)
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{E520EB70-A071-4A1A-9BD2-B28CC6D9DB22}" = O&O CleverCache
"C-Media CM106 Like Sound Driver" = USB Multi-Channel Audio Device
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis*True*Image*Home
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{A1E1A376-49D4-4960-8599-D5D26A4C2E7B}" = Razer Imperator
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4F3A360-E1E2-479D-ADE7-9BE3B07F4539}" = NVIDIA PhysX
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D9292112-253F-438D-B1AB-432E5A1FE1B5}" = Imperator Firmware Updater 1.13
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudioCS" = Creative Audio-Systemsteuerung
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Fraps" = Fraps (remove only)
"HijackThis" = HijackThis 2.0.2
"IrfanView" = IrfanView (remove only)
"Konfigurator Eumex 400" = Konfigurator Eumex 400
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NAV" = Norton AntiVirus
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"SpywareBlaster_is1" = SpywareBlaster 4.3
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Visual Watermark_is1" = Visual Watermark 2.9.30
"WhatPulse" = WhatPulse 1.6.2.1
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"LCDHost" = LCDHost - a compositing plugin manager for LCD's
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.06.2010 16:05:40 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.06.2010 16:05:40 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1264
 
Error - 20.06.2010 16:05:40 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1264
 
Error - 20.06.2010 16:05:42 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.06.2010 16:05:42 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2512
 
Error - 20.06.2010 16:05:42 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2512
 
Error - 20.06.2010 16:05:43 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 20.06.2010 16:05:43 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3760
 
Error - 20.06.2010 16:05:43 | Computer Name = Workstation | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3760
 
Error - 21.06.2010 10:25:25 | Computer Name = Workstation | Source = Lavasoft Ad-Aware Service | ID = 0
Description =
 
[ System Events ]
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Programmkompatibilitäts-Assistent-Dienst" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 60000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Überwachung verteilter Verknüpfungen (Client)" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Sitzungs-Manager für Desktopfenster-Manager" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Enumeratordienst für tragbare Geräte" wurde unerwartet
 beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
 in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.06.2010 12:06:56 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework"
 wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen
 werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
 
Error - 21.06.2010 13:26:20 | Computer Name = Workstation | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 21.06.2010 13:38:32 | Computer Name = Workstation | Source = VDS Basic Provider | ID = 33554433
Description =
 
Error - 21.06.2010 16:49:34 | Computer Name = Workstation | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 22.06.2010 13:37:04 | Computer Name = Workstation | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
 
< End of report >

batZen 22.06.2010 19:58
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4225

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.06.2010 20:38:26
mbam-log-2010-06-22 (20-38-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 217761
Laufzeit: 33 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:51 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131