Pests of all kinds and how to fight them: Problem: laptop is very slow !!! Windows 7 If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection. |
25.11.2011, 21:13 | #1 |
| Problem: laptop is very slow !!! Hello everyone, I am at my wits' end. For quite some time my laptop has been running extremely slowly, Internet Explorer acts up and keeps closing, and the system runs extremely slowly. I don't know what to do. I have run AntiVir, Malwarebytes and the AntiVir Rescue CD, but nothing helps. I hope you can help me. Kind regards |
25.11.2011, 21:42 | #2 |
| Problem: laptop is very slow !!! I'll go ahead and post the log files:
OTL.txt Code:
ATTFilter OTL logfile created on: 25.11.2011 21:26:36 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\****\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 56,88% Memory free 6,20 Gb Paging File | 4,67 Gb Available in Paging File | 75,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 34,18 Gb Total Space | 3,61 Gb Free Space | 10,55% Space Free | Partition Type: NTFS Drive D: | 263,91 Gb Total Space | 238,76 Gb Free Space | 90,47% Space Free | Partition Type: NTFS Computer Name: ONKEL-PC | User Name: Onkel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.11.25 21:23:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Onkel\Desktop\OTL.exe PRC - [2011.11.13 00:24:58 | 000,421,736 | ---- | M] (Apple Inc.) -- D:\iTunesHelper.exe PRC - [2011.10.27 20:14:48 | 000,103,224 | ---- | M] (Linkury) -- C:\Program Files\Linkury\Linkury.exe PRC - [2011.10.11 14:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.08.21 15:28:40 | 000,241,992 | ---- | M] () -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe PRC - [2011.08.01 13:35:42 | 000,114,992 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe PRC - [2011.04.08 11:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2011.03.30 15:44:58 | 001,324,008 | ---- | M] (Iminent) -- C:\Program Files\Iminent\IMBooster\IMBooster.exe PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.09 19:17:46 | 000,778,240 | ---- | M] (Mirco-Star International CO., LTD.) -- C:\Program Files\System Control Manager\MGSysCtrl.exe PRC - [2008.08.27 01:52:14 | 000,229,376 | ---- | M] () -- C:\Program Files\System Control Manager\MSIService.exe PRC - [2008.08.20 11:35:20 | 006,265,376 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.04.30 03:44:28 | 000,050,952 | ---- | M] (UPEK Inc.) -- C:\Program Files\Protector Suite QL\upeksvr.exe PRC - [2008.04.30 03:25:36 | 000,278,792 | ---- | M] (UPEK Inc.) 
-- C:\Program Files\Protector Suite QL\psqltray.exe PRC - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007.09.29 01:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe ========== Modules (No Company Name) ========== MOD - [2011.11.06 17:24:22 | 000,904,704 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2011.11.06 17:24:21 | 000,118,784 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.VisualStudio.OLE.Interop\7.1.40304.0__b03f5f7f11d50a3a\Microsoft.VisualStudio.OLE.Interop.dll MOD - [2011.11.06 17:24:06 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll MOD - [2011.10.27 17:07:30 | 000,330,040 | ---- | M] () -- C:\Program Files\Linkury\Linkury.Resources.FilesManager.dll MOD - [2011.10.27 17:07:20 | 000,074,240 | ---- | M] () -- C:\Program Files\Linkury\Linkury.GUI.Docking.dll MOD - [2011.10.27 17:07:20 | 000,046,904 | ---- | M] () -- C:\Program Files\Linkury\MACTrackBarLib.dll MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.06.28 04:25:55 | 000,220,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\80bd17388778c90f301746ad88700758\CustomMarshalers.ni.dll MOD - [2011.06.28 04:25:22 | 001,840,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\81a310f5bd696b74485a513680672a5e\System.Web.Services.ni.dll MOD - [2011.06.28 04:25:20 | 011,800,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\0a1195c6b5fab213527364c9e8b26ef0\System.Web.ni.dll MOD - [2011.06.28 04:25:09 | 
000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll MOD - [2011.06.28 04:25:09 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll MOD - [2011.06.28 04:25:00 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll MOD - [2011.06.25 05:11:35 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011.06.25 05:11:19 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011.06.25 05:11:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011.06.25 05:10:55 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll MOD - [2011.06.25 05:10:09 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011.06.25 05:10:00 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2011.03.30 15:45:12 | 000,016,360 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\de\Iminent.Booster.UI.resources.dll MOD - [2011.03.30 15:45:06 | 000,236,520 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Windows.dll MOD - [2011.03.30 15:45:06 | 000,218,600 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Workflow.dll MOD - [2011.03.30 15:45:04 | 001,869,288 | ---- | M] () -- C:\Program 
Files\Iminent\IMBooster\Iminent.Services.dll MOD - [2011.03.30 15:45:02 | 000,041,960 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Business.TinyUrl.dll MOD - [2011.03.30 15:45:00 | 000,337,896 | ---- | M] () -- C:\Program Files\Iminent\IMBooster\Iminent.Booster.UI.dll MOD - [2008.12.23 14:32:51 | 008,007,680 | ---- | M] () -- C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll MOD - [2008.08.25 20:47:16 | 000,262,144 | ---- | M] () -- C:\Program Files\System Control Manager\MSIWmiAcpi.dll MOD - [2008.07.27 19:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008.07.27 19:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2008.07.27 19:03:11 | 000,069,120 | ---- | M] () -- C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2008.07.27 19:03:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.07.18 22:39:04 | 000,110,592 | ---- | M] () -- C:\Program Files\System Control Manager\MGKBHook.dll MOD - [2006.09.14 08:20:24 | 000,126,464 | ---- | M] () -- C:\Program Files\WinRAR 3.61 Multi\rarext.dll ========== Win32 Services (SafeList) ========== SRV - [2011.11.18 22:06:36 | 003,313,752 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_d768ebc.dll -- (Akamai) SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.08.21 15:28:40 | 000,241,992 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe -- (vToolbarUpdater) SRV - [2008.08.27 01:52:14 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Program Files\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2008.03.18 05:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.09.29 01:05:16 | 000,128,360 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service) ========== Driver Services (SafeList) ========== DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.07.21 20:46:11 | 000,233,024 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2008.09.24 05:26:00 | 007,585,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.06.30 12:56:12 | 000,917,504 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2008.06.09 09:45:08 | 001,748,352 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2008.05.02 06:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2008.04.28 18:54:58 | 000,054,784 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2008.04.27 23:29:26 | 003,658,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.03.21 05:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.02.16 00:01:06 | 000,131,712 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd) DRV - [2008.02.01 00:55:06 | 000,074,240 | ---- | M] (TOSHIBA Corporation.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid) DRV - [2008.01.23 05:57:48 | 000,054,144 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd) DRV - [2007.11.29 18:45:44 | 000,036,608 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp) DRV - [2007.10.18 23:25:00 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfusb.sys -- (Tosrfusb) DRV - [2007.10.02 20:43:22 | 000,064,128 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom) DRV - [2006.10.11 04:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte) DRV - [2005.01.07 14:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\InprocServer32 File not found IE - HKLM\..\URLSearchHook: {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files\ClipGrab\prxtbCli0.dll (Conduit Ltd.) 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com.tw IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 90 A6 B5 05 60 CC 01 [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb" FF - prefs.js..browser.search.defaultthis.engineName: "IsoBuster Customized Web Search" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "Linkury Smartbar Search" FF - prefs.js..browser.search.useDBForOrder: true FF - 
prefs.js..browser.startup.homepage: "hxxp://search.linkury.com" FF - prefs.js..network.proxy.type: 0 FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "foxsearch" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1700389&SearchSource=3&q={searchTerms}" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.startup.homepage: "hxxp://isearch.avg.com?cid=%7B895f4ce2-6fb8-419c-af8d-9ecaa4428160%7D&mid=084f59eac20047d19501d168c30257e6-690b1a0136af0e6e9bf706ef2fdaf96381c1f9c8&ds=tg025&v=8.0.0.33&lang=en&pr=sa&d=2011-08-21%2016%3A28%3A41" FF - prefs.js..keyword.URL: "hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:7317400059&cof=FORID:11&sa=Search&siteurl=search.linkury.com&q=" FF - prefs.js..browser.search.defaultenginename: "Google" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@funwebproducts.com/Plugin: C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.10.17 00:25:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.22 20:04:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Onkel\AppData\Roaming\mozilla\Extensions [2011.11.24 18:04:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions [2011.10.09 17:43:02 | 000,000,000 | ---D | M] (IsoBuster Community Toolbar) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\{266fcdca-7bb3-4da7-b3bf-f845dea2ebd6} [2011.11.07 19:44:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} 
[2011.10.01 21:23:13 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} [2011.07.04 14:54:25 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2011.10.09 17:43:03 | 000,000,000 | ---D | M] (IncrediMail MediaBar 2 Community Toolbar) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} [2011.10.16 16:30:12 | 000,000,000 | ---D | M] (ClipGrab Community Toolbar) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\{e36df325-3f4b-476f-8f89-123bc5d51a30} [2011.10.02 20:02:22 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2011.10.23 14:15:26 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2011.10.09 17:43:01 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\avg@toolbar [2011.11.07 19:45:09 | 000,000,000 | ---D | M] (ICQ Sparberater) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\ciuvo-extension@icq.de [2011.10.01 19:26:43 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\ffxtlbr@babylon.com [2011.11.24 18:04:05 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\linkuryfirefoxremoteplugin@linkury.com [2011.10.11 17:28:56 | 000,000,000 | ---D | M] (My Web Search) -- 
C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\m3ffxtbr@mywebsearch.com [2011.10.04 04:48:27 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\plugin@yontoo.com [2011.11.07 19:45:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\0fha4f59.default\extensions\ciuvo-extension@icq.de\chrome [2011.10.30 16:24:53 | 000,003,851 | ---- | M] () -- C:\Users\Onkel\AppData\Roaming\Mozilla\Firefox\Profiles\0fha4f59.default\searchplugins\avg-secure-search.xml [2011.09.27 13:22:00 | 000,000,921 | ---- | M] () -- C:\Users\Onkel\AppData\Roaming\Mozilla\Firefox\Profiles\0fha4f59.default\searchplugins\conduit.xml [2011.03.30 14:13:16 | 000,001,033 | ---- | M] () -- C:\Users\Onkel\AppData\Roaming\Mozilla\Firefox\Profiles\0fha4f59.default\searchplugins\icqplugin.xml [2011.11.24 18:04:06 | 000,002,072 | ---- | M] () -- C:\Users\Onkel\AppData\Roaming\Mozilla\Firefox\Profiles\0fha4f59.default\searchplugins\Linkury Smartbar Search.xml [2011.10.02 20:02:25 | 000,002,207 | ---- | M] () -- C:\Users\Onkel\AppData\Roaming\Mozilla\Firefox\Profiles\0fha4f59.default\searchplugins\MyStart Search.xml [2011.10.16 13:31:48 | 000,009,924 | ---- | M] () -- C:\Users\Onkel\AppData\Roaming\Mozilla\Firefox\Profiles\0fha4f59.default\searchplugins\mywebsearch.xml [2011.11.21 23:31:10 | 000,002,230 | ---- | M] () -- C:\Users\Onkel\AppData\Roaming\Mozilla\Firefox\Profiles\0fha4f59.default\searchplugins\SearchTheWeb.xml [2011.10.23 14:15:22 | 000,003,915 | ---- | M] () -- C:\Users\Onkel\AppData\Roaming\Mozilla\Firefox\Profiles\0fha4f59.default\searchplugins\sweetim.xml [2011.11.21 13:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2011.10.01 19:27:31 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\mozilla firefox\extensions\adapter@babylontc.com [2011.10.01 
19:27:31 | 000,000,000 | ---D | M] (Babylon OCR) -- C:\Program Files\mozilla firefox\extensions\ocr@babylon.com [2011.10.26 21:10:29 | 000,000,000 | ---D | M] (Iminent WebBooster) -- C:\Program Files\mozilla firefox\extensions\webbooster@iminent.com File not found (No name found) -- C:\USERS\ONKEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0FHA4F59.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM File not found (No name found) -- C:\USERS\ONKEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0FHA4F59.DEFAULT\EXTENSIONS\GUTSCHEINMIEZE@SYNATIX-GMBH.DE [2011.05.07 17:23:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.10.17 00:25:35 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.10.17 00:25:33 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.01 19:26:33 | 000,002,227 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2011.10.17 00:25:33 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.10.17 00:25:33 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.10.07 18:06:05 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml [2011.08.14 12:59:18 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src [2011.10.17 00:25:33 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.08.21 23:09:52 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml [2011.10.17 00:25:33 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.10.17 00:25:33 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml 
========== Chrome ========== CHR - default_search_provider: Linkury Smartbar Search (Enabled) CHR - default_search_provider: search_url = hxxp://cloud-search.linkury.com/results.htm?cx=partner-pub-7890126930977991:5731629158&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com CHR - default_search_provider: suggest_url = O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll File not found O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found. O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.33\AVG Secure Search_toolbar.dll () O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll File not found O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\IMBooster4Web\Iminent.WebBooster.dll (Iminent) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll File not found O2 - BHO: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files\ClipGrab\prxtbCli0.dll (Conduit Ltd.) 
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC) O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files\icq\Internet Explorer\icq.dll (solute gmbh) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\8.0.0.33\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll File not found O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll File not found O3 - HKLM\..\Toolbar: (ClipGrab Toolbar) - {e36df325-3f4b-476f-8f89-123bc5d51a30} - C:\Program Files\ClipGrab\prxtbCli0.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files\uTorrentBar_DE\prxtbuTor.dll File not found O3 - HKCU\..\Toolbar\WebBrowser: (ClipGrab Toolbar) - {E36DF325-3F4B-476F-8F89-123BC5D51A30} - C:\Program Files\ClipGrab\prxtbCli0.dll (Conduit Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart File not found O4 - HKLM..\Run: [IMBooster] C:\Program Files\Iminent\IMBooster\imbooster.exe (Iminent) O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION) O4 - HKLM..\Run: [iTunesHelper] D:\iTunesHelper.exe (Apple Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Mirco-Star International CO., LTD.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [wmime] C:\Program Files\HEM\wmime.exe () O4 - HKCU..\Run: [4Y3Y0C3AZA8F4D1ANRIHDZNQP] C:\winslot.Bin\AB371A654B5.exe /q File not found O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Onkel\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc) O4 - HKCU..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun File not found O4 - HKCU..\Run: [Fast Windows Hider] C:\Program Files\Fast Windows Hider\fwh.exe File not found O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O4 - HKCU..\Run: [Linkury Chrome Smartbar] C:\Program Files\Linkury\Linkury.exe (Linkury) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found O4 - HKCU..\Run: [Window Hide Tool] C:\Program Files\Window Hide Tool\Window Hide Tool.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found O8 - Extra context menu item: Web-Suche - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files\ICQ7.6\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EBD1AA0-84BA-4C3B-BED2-373E3146582C}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B9AA9B7-D294-4060-8213-0C4646EC863A}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll () O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) -C:\Windows\System32\vrlogon.dll (UPEK Inc.) O20 - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\System32\psqlpwd.dll (UPEK Inc.) 
O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk /p \??\C:) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.25 21:24:02 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Onkel\Desktop\OTL.exe [2011.11.22 20:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.11.22 20:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011.11.22 06:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011.11.22 06:57:59 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.11.20 23:37:38 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2011.11.16 03:43:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll [2011.11.16 03:43:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll [2011.11.16 03:43:07 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll [2011.11.16 03:43:07 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll [2011.11.16 03:43:06 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll [2011.11.16 03:43:06 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll [2011.11.16 03:43:06 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll [2011.11.16 03:43:05 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll [2011.11.16 03:43:04 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll 
[2011.11.16 03:43:04 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll [2011.11.16 03:43:04 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll [2011.11.16 03:43:04 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll [2011.11.16 03:43:03 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll [2011.11.16 03:43:03 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll [2011.11.16 03:43:02 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll [2011.11.16 03:43:02 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll [2011.11.16 03:43:01 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll [2011.11.16 03:43:01 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll [2011.11.16 03:43:01 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll [2011.11.16 03:43:00 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll [2011.11.16 03:43:00 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll [2011.11.16 03:42:59 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll [2011.11.16 03:42:59 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll [2011.11.16 03:42:59 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll [2011.11.16 03:42:58 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll [2011.11.16 03:42:58 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll [2011.11.16 03:42:58 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll [2011.11.16 03:42:58 | 
000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll [2011.11.16 03:42:57 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll [2011.11.16 03:42:57 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll [2011.11.16 03:42:57 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll [2011.11.16 03:42:57 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll [2011.11.16 03:42:56 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll [2011.11.16 03:42:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll [2011.11.16 03:42:56 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll [2011.11.16 03:42:56 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll [2011.11.16 03:42:56 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll [2011.11.16 03:42:55 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll [2011.11.16 03:42:55 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll [2011.11.16 03:42:55 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll [2011.11.16 03:42:55 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll [2011.11.16 03:42:54 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll [2011.11.16 03:42:54 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll [2011.11.16 03:42:54 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll [2011.11.16 03:42:53 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll [2011.11.16 03:42:53 | 001,420,824 | ---- | C] 
(Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll [2011.11.16 03:42:53 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll [2011.11.16 03:42:52 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll [2011.11.16 03:42:52 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll [2011.11.16 03:42:52 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll [2011.11.16 03:42:51 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll [2011.11.16 03:42:51 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll [2011.11.16 03:42:51 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll [2011.11.16 03:42:51 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll [2011.11.16 03:42:50 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll [2011.11.16 03:42:49 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll [2011.11.16 03:42:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll [2011.11.16 03:42:49 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll [2011.11.16 03:42:49 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll [2011.11.16 03:42:48 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll [2011.11.16 03:42:48 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll [2011.11.16 03:42:46 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll [2011.11.16 03:42:46 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll [2011.11.16 03:42:46 | 000,261,480 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\xactengine2_7.dll [2011.11.16 03:42:46 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll [2011.11.16 03:42:45 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll [2011.11.16 03:39:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx [2011.11.16 03:26:51 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Roaming\RIFT [2011.11.13 16:34:18 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\MigWiz [2011.11.09 23:06:04 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\Akamai [2011.11.07 19:44:47 | 000,000,000 | ---D | C] -- C:\Program Files\icq [2011.11.07 19:44:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.6 [2011.11.07 19:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.6 [2011.11.06 17:23:57 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\Linkury [2011.11.06 17:23:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Linkury [2011.11.06 17:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\Linkury [2011.11.06 17:22:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.1 [2011.11.06 17:22:30 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6.1 [2011.11.01 20:41:17 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Roaming\Malwarebytes [2011.11.01 20:40:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.11.01 20:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.11.01 20:40:36 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.11.01 20:40:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.11.01 20:39:40 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Onkel\Desktop\herbert.exe [2011.11.01 20:35:51 | 009,852,544 | ---- | C] (Malwarebytes Corporation ) 
-- C:\Users\Onkel\Desktop\mbam-setup-1.51.2.1300.exe [2011.11.01 19:42:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune [2011.11.01 19:42:39 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune ========== Files - Modified Within 30 Days ========== [2011.11.25 21:23:22 | 000,056,831 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.11.25 21:23:06 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Onkel\Desktop\OTL.exe [2011.11.25 21:03:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.11.25 19:35:27 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.11.25 19:35:20 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.25 19:35:20 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.25 19:35:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.25 16:16:12 | 000,001,356 | ---- | M] () -- C:\Users\Onkel\AppData\Local\d3d9caps.dat [2011.11.25 15:58:44 | 000,000,417 | ---- | M] () -- C:\RF_Online.CT [2011.11.25 15:43:19 | 000,001,821 | ---- | M] () -- C:\Users\Onkel\daaa.PTR [2011.11.25 15:43:19 | 000,000,000 | ---- | M] () -- C:\Users\Onkel\daaa.PTR.1 [2011.11.25 15:43:19 | 000,000,000 | ---- | M] () -- C:\Users\Onkel\daaa.PTR.0 [2011.11.25 07:46:24 | 000,644,136 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.11.25 07:46:24 | 000,600,690 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.11.25 07:46:24 | 000,131,388 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.11.25 07:46:24 | 000,108,572 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.11.25 07:36:35 | 000,265,896 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.11.14 22:05:02 | 006,256,426 | ---- | M] () -- C:\Users\Onkel\Desktop\Snow Patrol - Called Out In The Dark 
(Official Video).mp3 [2011.11.10 03:08:26 | 000,000,127 | ---- | M] () -- C:\Windows\System32\MRT.INI [2011.11.07 19:25:20 | 004,956,155 | ---- | M] () -- C:\Users\Onkel\Documents\Marcapasos feat Janosh - Monster 2k10 (Radio Edit).mp3 [2011.11.06 19:15:43 | 000,002,376 | ---- | M] () -- C:\Windows\Sandboxie.ini [2011.11.06 17:22:37 | 000,000,892 | ---- | M] () -- C:\Users\Onkel\Desktop\Cheat Engine.lnk [2011.11.02 00:12:26 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011.11.01 21:13:16 | 000,684,297 | ---- | M] () -- C:\Users\Onkel\Desktop\unhide.exe [2011.11.01 20:39:39 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Onkel\Desktop\herbert.exe [2011.11.01 20:32:22 | 009,852,544 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Onkel\Desktop\mbam-setup-1.51.2.1300.exe [2011.11.01 20:09:10 | 001,008,092 | ---- | M] () -- C:\Users\Onkel\Desktop\rkill.com [2011.11.01 19:42:44 | 000,000,745 | ---- | M] () -- C:\Users\Onkel\Desktop\HD Tune.lnk [2011.10.31 23:15:20 | 000,000,456 | ---- | M] () -- C:\ProgramData\1kAlMiG2Kb7FzP [2011.10.31 23:13:36 | 000,000,304 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzP [2011.10.31 23:13:35 | 000,000,200 | ---- | M] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr [2011.10.31 17:49:36 | 000,000,989 | ---- | M] () -- C:\Users\Onkel\Desktop\Internet Explorer (No Add-ons) (2).lnk [2011.10.31 11:54:39 | 000,006,196 | ---- | M] () -- C:\Users\Onkel\AppData\Roaming\Inf468 [2011.10.31 06:15:08 | 000,056,831 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.10.30 23:41:44 | 000,000,618 | ---- | M] () -- C:\Users\Onkel\AppData\Roaming\Inf002 ========== Files Created - No Company Name ========== [2011.11.25 15:58:44 | 000,000,417 | ---- | C] () -- C:\RF_Online.CT [2011.11.25 15:43:19 | 000,001,821 | ---- | C] () -- C:\Users\Onkel\daaa.PTR [2011.11.25 15:43:19 | 000,000,000 | ---- | C] () -- C:\Users\Onkel\daaa.PTR.1 [2011.11.25 15:43:19 | 000,000,000 | ---- | C] () -- 
C:\Users\Onkel\daaa.PTR.0 [2011.11.14 22:03:47 | 006,256,426 | ---- | C] () -- C:\Users\Onkel\Desktop\Snow Patrol - Called Out In The Dark (Official Video).mp3 [2011.11.07 19:24:43 | 004,956,155 | ---- | C] () -- C:\Users\Onkel\Documents\Marcapasos feat Janosh - Monster 2k10 (Radio Edit).mp3 [2011.11.06 17:22:37 | 000,000,892 | ---- | C] () -- C:\Users\Onkel\Desktop\Cheat Engine.lnk [2011.11.01 21:22:56 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2011.11.01 21:22:56 | 000,000,821 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2011.11.01 21:22:53 | 000,001,950 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Photo Gallery.lnk [2011.11.01 21:22:53 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IncrediMail.lnk [2011.11.01 21:22:53 | 000,001,852 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Collaboration.lnk [2011.11.01 21:22:53 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2011.11.01 21:22:53 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 8.lnk [2011.11.01 21:22:53 | 000,001,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2011.11.01 21:22:53 | 000,001,770 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Calendar.lnk [2011.11.01 21:22:53 | 000,001,768 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker.lnk [2011.11.01 21:22:53 | 000,001,761 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2011.11.01 21:22:53 | 000,001,757 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Defender.lnk [2011.11.01 21:22:53 | 000,001,743 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk [2011.11.01 21:22:53 | 000,001,740 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2011.11.01 21:22:53 | 000,001,719 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2011.11.01 21:22:53 | 000,001,703 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Contacts.lnk [2011.11.01 21:22:53 | 000,001,630 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2011.11.01 21:22:53 | 000,001,032 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Burn Disc Burning Software.lnk [2011.11.01 21:22:53 | 000,000,976 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Express Rip.lnk [2011.11.01 21:22:53 | 000,000,945 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WavePad Sound Editor.lnk [2011.11.01 21:22:53 | 000,000,868 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.11.01 21:22:53 | 000,000,604 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live.lnk [2011.11.01 21:13:09 | 000,684,297 | ---- | C] () -- C:\Users\Onkel\Desktop\unhide.exe [2011.11.01 20:26:34 | 001,008,092 | ---- | C] () -- C:\Users\Onkel\Desktop\rkill.com [2011.11.01 19:42:44 | 000,000,745 | ---- | C] () -- C:\Users\Onkel\Desktop\HD Tune.lnk [2011.10.31 23:13:35 | 000,000,304 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzP [2011.10.31 23:13:35 | 000,000,200 | ---- | C] () -- C:\ProgramData\~1kAlMiG2Kb7FzPr [2011.10.31 23:13:27 | 000,000,456 | ---- | C] () -- C:\ProgramData\1kAlMiG2Kb7FzP [2011.10.31 17:49:36 | 000,000,989 | ---- | C] () -- C:\Users\Onkel\Desktop\Internet Explorer (No Add-ons) (2).lnk [2011.10.24 19:15:23 | 000,000,618 | ---- | C] () -- C:\Users\Onkel\AppData\Roaming\Inf002 [2011.10.18 22:10:26 | 000,002,376 | 
---- | C] () -- C:\Windows\Sandboxie.ini [2011.10.16 23:26:57 | 000,000,000 | ---- | C] () -- C:\Users\Onkel\AppData\Roaming\LhhLIMyKK7EK [2011.10.15 17:57:33 | 000,000,000 | ---- | C] () -- C:\Users\Onkel\AppData\Roaming\dh1dg0766Ai6 [2011.10.14 22:17:11 | 000,082,404 | ---- | C] () -- C:\Windows\System32\mlfcache.dat [2011.10.13 02:02:21 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI [2011.10.07 16:14:50 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.10.01 19:26:32 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll [2011.08.27 22:57:53 | 000,106,624 | ---- | C] () -- C:\Program Files\Picture of me 8.png [2011.08.27 22:55:32 | 000,134,757 | ---- | C] () -- C:\Program Files\Picture of me 6.png [2011.08.21 00:36:15 | 000,000,462 | ---- | C] () -- C:\Windows\OTL.exe.lnk [2011.08.08 17:33:50 | 000,006,196 | ---- | C] () -- C:\Users\Onkel\AppData\Roaming\Inf468 [2011.08.06 21:15:08 | 000,000,057 | ---- | C] () -- C:\ProgramData\Inf001 [2011.08.04 19:58:43 | 000,001,356 | ---- | C] () -- C:\Users\Onkel\AppData\Local\d3d9caps.dat [2011.07.30 21:42:04 | 000,333,288 | ---- | C] () -- C:\Windows\System32\sqlite3.dll [2011.07.21 20:56:32 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll [2011.07.21 19:33:02 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll [2011.07.21 19:33:02 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll [2011.07.21 19:33:02 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll [2011.06.02 13:59:31 | 000,006,144 | ---- | C] () -- C:\Users\Onkel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.19 16:44:26 | 000,840,580 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate [2008.12.23 14:45:59 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI [2008.12.22 22:27:19 | 001,748,352 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2008.12.22 22:27:19 | 000,028,672 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys 
[2008.12.22 22:16:37 | 000,056,831 | ---- | C] () -- C:\ProgramData\nvModes.001 [2008.12.22 22:10:52 | 000,056,831 | ---- | C] () -- C:\ProgramData\nvModes.dat [2008.12.22 21:21:02 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2008.12.22 21:21:02 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.12.22 20:29:15 | 000,644,136 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.12.22 20:29:15 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.12.22 20:29:15 | 000,131,388 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.12.22 20:29:15 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2007.12.22 01:46:32 | 000,118,784 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,265,896 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,600,690 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,108,572 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2005.07.23 06:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll ========== LOP Check ========== [2011.10.13 21:26:35 | 000,000,000 | ---D | M] -- 
C:\Users\Onkel\AppData\Roaming\Babylon [2011.07.21 20:47:14 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\DAEMON Tools Pro [2011.11.21 13:36:35 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\Gutscheinmieze [2011.11.07 19:46:06 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\ICQ [2011.10.04 04:49:12 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\Jens Lorek [2011.08.21 18:53:28 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\logs [2011.08.21 19:32:49 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\LolClient [2011.11.06 17:22:38 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\OpenCandy [2011.10.26 21:14:20 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\PhotoScape [2010.06.19 16:36:54 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\Protector Suite [2011.10.02 20:24:47 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\Red Kawa [2011.10.01 21:58:34 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\redsn0w [2011.11.21 13:42:58 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\RIFT [2011.10.15 16:32:52 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\Stu Bedore [2011.10.23 23:53:47 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\TuneUpMedia [2011.08.14 12:11:30 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\Ulead Systems [2011.10.11 17:31:05 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\uTorrent [2011.11.25 19:32:58 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt Code:
OTL Extras logfile created on: 25.11.2011 21:26:36 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\****\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,71 Gb Available Physical Memory | 56,88% Memory free 6,20 Gb Paging File | 4,67 Gb Available in Paging File | 75,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 34,18 Gb Total Space | 3,61 Gb Free Space | 10,55% Space Free | Partition Type: NTFS Drive D: | 263,91 Gb Total Space | 238,76 Gb Free Space | 90,47% Space Free | Partition Type: NTFS Computer Name: ONKEL-PC | User Name: Onkel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{5A032EE4-16CE-40F6-8B0C-B3EF9697399C}" = lport=137 | protocol=17 | dir=in | app=system | "{7075F423-C7A4-491E-8B6D-0EA4329A4A20}" = lport=139 | protocol=6 | dir=in | app=system | "{72BD0A58-5CC5-49BC-A1FE-F6D9598D27C8}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface | "{7A4C27CE-177E-4044-9E02-E878B67C6155}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{7ECDB497-8DDD-460E-81DA-332EDC8D6728}" = lport=445 | protocol=6 | dir=in | app=system | "{9378D00F-4651-48E5-BF98-8871CCC19948}" = rport=139 | protocol=6 | dir=out | app=system | "{9A7CCC86-4D51-49AC-BC64-1CE28C4C8211}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{AEBC10AD-A4E5-4497-8717-31500D0ECF0F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | "{B018E97A-B2CE-4F90-A96A-514DBEB60695}" = rport=137 | protocol=17 | dir=out | app=system | "{BC27A02A-7D7B-4640-966E-40CEC030E05A}" = rport=445 | protocol=6 | dir=out | app=system | "{DDD5D0AC-8857-4305-BD3E-81AF40B7D30F}" = lport=138 | protocol=17 | dir=in | app=system | "{EA10BA0B-DB6E-42AE-B3A4-8DCD85A110EA}" = rport=138 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0531B698-1E2C-46B3-B2DA-7AB68C907787}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{0AD1FEE1-CA85-4B5E-86B4-A35DF61CEC05}" = protocol=6 | dir=in | app=d:\world of warcraft 2\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{12CC41E8-5EE2-4B71-84DE-ECCEFBA33221}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{134C1929-369E-449C-88F0-A88461281C8B}" = protocol=6 | dir=out | app=c:\program files\iminent\imbooster\imbooster.exe | "{3D336D23-AB20-4135-A29B-FA303B122F44}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{3EF05A84-46B1-4887-AD78-D5A23070F757}" = protocol=17 | dir=in | app=c:\users\onkel\appdata\local\akamai\netsession_win.exe | "{40B2D1E3-D87B-47C3-99F2-DE8D1CCBE06E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4CBDDADF-C664-469E-BF11-917048EB618A}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | "{5CBCC03E-D249-4D8B-B255-6F64C89466B7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6C25DD9F-1C29-40A5-9F6A-CAE9F0EA5C25}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{761314C9-292C-4D94-AD6E-610575999FBB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{886EF2E6-4F4E-4792-8A03-FBE1282E686D}" = protocol=17 | dir=in | app=d:\world of warcraft 2\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | "{8F63F086-0BB9-42CC-BBF8-EC207EFEC5BB}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe | "{909B6745-91C2-4F34-8CAA-1D1A34CD6AE3}" = dir=in | app=d:\itunes.exe | "{96F3665C-C3D5-4573-BA6C-E264CB20A312}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe | "{970900EE-4E86-4C64-8446-B50398B4C2E6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{97AD1732-CC9F-4542-9202-D6B4D4149895}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{9E1BD199-ECB2-482F-BFE0-03E033298B02}" = protocol=6 | dir=in | app=c:\program 
files\iminent\imbooster\imbooster.exe | "{9FD80B5B-6019-4CDD-BACA-1DD1F38D0948}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{A50703B9-30EF-4B12-9038-B06A1B2650CB}" = protocol=6 | dir=in | app=c:\program files\iminent\mmserver\iminent.mmserver.exe | "{A755EBD4-F2A0-4286-9A74-874BCD01B8F6}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{ACE7D10D-6211-4E20-B666-360D3345CE03}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B1599FEF-5507-42DB-A0DA-22415E441A1F}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | "{B4F066FB-9BA1-4CD7-B947-1C5CEF73C169}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C9DF924C-B4C3-4384-82C9-26D42F3E13C1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{CBA77AB5-56C0-435F-A8A9-25E0ECB377A1}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{CCEDA1DA-5666-4F70-AA2C-F5789AC5925D}" = protocol=6 | dir=out | app=c:\program files\iminent\mmserver\iminent.mmserver.exe | "{D1ACB6F2-6DC6-4824-A087-B7A5CC098D48}" = protocol=17 | dir=in | app=c:\program files\icq7.6\icq.exe | "{D5287040-7B64-4EB3-AAFB-D97C91569C74}" = protocol=6 | dir=in | app=c:\program files\icq7.6\icq.exe | "{F2EFD458-0BA7-4363-ADDA-4C89BCF58E7F}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{F9979FA7-E53E-49DB-B37D-FFD47D9A2726}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{FF68C0B4-7A8E-4836-935D-F84B25AAC677}" = protocol=6 | dir=in | app=c:\users\onkel\appdata\local\akamai\netsession_win.exe | "TCP Query User{323839D8-7DA2-4128-BF5B-7C89D7E65425}D:\terra online\esfs.exe" = protocol=6 | dir=in | app=d:\terra online\esfs.exe | "TCP Query User{392E3722-178E-4AB7-9BAF-270CA13D1519}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query 
User{7BC836BB-C926-4730-B425-30D3C69DF1E9}C:\users\onkel\downloads\awesom-o 5 beta 3.5.1\awesom-o 5 beta 3.5.1\awesom-o.exe" = protocol=6 | dir=in | app=c:\users\onkel\downloads\awesom-o 5 beta 3.5.1\awesom-o 5 beta 3.5.1\awesom-o.exe | "TCP Query User{C26B8827-DB5D-4F5A-BF5B-CCA8557F2D3C}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{F358276C-1F5F-41EE-AC8F-5BF1B47C16FC}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{4075E799-4D8D-4E27-B46B-3C8DD053C91A}D:\terra online\esfs.exe" = protocol=17 | dir=in | app=d:\terra online\esfs.exe | "UDP Query User{6FF8D103-B79F-4111-95F6-EBE7240CA9DD}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query User{852EBD0A-D488-46A4-B7D5-A5213D9EC3DE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{94E93B53-49DE-4F43-8A14-9B968F931803}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{95F78531-D8A7-4C6E-A783-482449A4EF5D}C:\users\onkel\downloads\awesom-o 5 beta 3.5.1\awesom-o 5 beta 3.5.1\awesom-o.exe" = protocol=17 | dir=in | app=c:\users\onkel\downloads\awesom-o 5 beta 3.5.1\awesom-o 5 beta 3.5.1\awesom-o.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install "{18DB3375-0649-4EA3-959A-44F1ACD278BA}" = IncrediMail "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI 
"{23B14BE4-5277-40B2-B602-3FCD456C27BC}" = Protector Suite QL 5.8 "{24F5BFDD-18E0-41F6-8A68-A22C742FC4A1}" = TubeBox! "{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26 "{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery "{29042B1C-0713-4575-B7CA-5C8E7B0899D4}" = MySQL Connector/ODBC 5.1 "{3127F76D-5335-4AC7-BD1E-2F5247A23C24}" = iTunes "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7B772F48-58A8-48C1-8F93-0AA960767FCA}" = Linkury Smartbar "{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87725CEF-1BC6-47C5-B2CD-96DD6D392EE3}" = Dolby Control Center "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01 "{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1" = ClipGrab 3.1.0.2 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007 "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007 "{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007 
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007 "{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007 "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007 "{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007 "{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007 "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007 "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007 "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007 "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007 "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007 "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007 "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007 "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007 "{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007 "{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007 "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 "{A81A974F-8A22-43E6-9243-5198FF758DA1}" = SweetIM for Messenger 3.6 "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96011C1-2089-4A7C-82C6-CFCDC92D7CD9}_is1" = xTGaminG RF Client version 2.2.4 "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0 "{AF2D5B54-36DE-471E-B9C8-58E4B2B951C6}" = Iminent "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49 "{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba "{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite 
Activation Assistant "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "5513-1208-7298-9440" = JDownloader 0.9 "5D38134BF8A10D640B30E6B014EECDBC5F881E3D" = Windows Driver Package - ENE (enecir) HIDClass (04/29/2008 2.5.0.0) "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Agere Systems Soft Modem" = Agere Systems HDA Modem "Akamai" = Akamai NetSession Interface Service "AVG Secure Search" = AVG Security Toolbar "Avira AntiVir Desktop" = Avira Free Antivirus "AviSynth" = AviSynth 2.5 "Babylon" = Babylon "BabylonToolbar" = Babylon toolbar on IE "Cheat Engine 6.1_is1" = Cheat Engine 6.1 "ClipGrab Toolbar" = ClipGrab Toolbar "DealPly" = DealPly "ExpressBurn" = Express Burn Disc Burning Software "ExpressRip" = Express Rip "Google Chrome" = Google Chrome "HD Tune_is1" = HD Tune 2.55 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "IMBoosterARP" = Iminent "IncrediMail" = IncrediMail 2.0 "InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Ulead Burn.Now 4.5 SE "IsoBuster Toolbar" = IsoBuster Toolbar "IsoBuster_is1" = IsoBuster 2.8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 
de) "NVIDIA Drivers" = NVIDIA Drivers "PhotoScape" = PhotoScape "TuneUpMedia" = TuneUp Companion 2.2.5 "uTorrent" = µTorrent "Videora iPod Converter" = Videora iPod Converter 6 "WavePad" = WavePad Sound Editor "WinRAR archiver" = WinRAR archiver "YouTube Downloader App" = YouTube Downloader App 3.00 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "FoxTab FLV Player" = FoxTab FLV Player ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report > |
26.11.2011, 21:02 | #3 |
/// Selecta Jahrusso | Problem laptop is very slow !!! My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would like to ask you to read the following points completely and carefully.
Vista and Win7 users: start all tools via right-click, "Run as administrator". Step 1 Please
Please post gmer.txt in your next reply
__________________ |
30.11.2011, 17:10 | #4 |
/// Selecta Jahrusso | Problem laptop is very slow !!! Missing feedback This topic has been removed from my subscriptions, so I will not receive any notification about new replies. Send me a PM if you still want to continue. Note: the disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |