|
Log-Analyse und Auswertung: Downloads extram langsam trotz 2000er LeitungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.06.2012, 17:46 | #1 |
| Downloads extram langsam trotz 2000er Leitung Meine Downloads sind seit heute Morgen extrem Langsam für eine DSL 2000er Leitung liegt die Downloadrate bei 30 - 40 kb/s die Sekunde. Habe schon bei Tele2 (meinem Anbieter) angerufen und nachgefragt und habe auch schon einige Änderungen am Router durch genommen aber der Download ist immer noch extrem langsam deswegen hoffe ich mal ihr könnt mir helfen. Vielleicht habe ich mir irgendwas eingefangen was die Downloadrate drosselt. Deswegen ist hier mal das Hijckthis Logfile. HiJackthis Logfile: Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:41:07, on 26.06.2012 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe C:\Programme\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\RunDLL32.exe C:\WINDOWS\RTHDCPL.EXE C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Unlocker\UnlockerAssistant.exe C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe C:\Programme\SweetIM\Messenger\SweetIM.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE C:\Programme\PC Connectivity Solution\ServiceLayer.exe C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe C:\Programme\Media Player Classic - Home Cinema\mpc-hc.exe C:\Programme\Microsoft Office\Office10\WINWORD.EXE C:\Programme\Mozilla Firefox\firefox.exe C:\Programme\Windows Defender\MsMpEng.exe C:\Programme\Mozilla Firefox\plugin-container.exe C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads\HiJackThis204.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=4c70d55d000000000000001966670014 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll O2 - BHO: facemoods Helper - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\Softonic\1.5.21.0\bh\Softonic.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file missing) O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll O4 - HKLM\..\Run: [Adobe ARM] "C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login O4 - HKLM\..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe /installquiet O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [facemoods] "C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" /md I O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programme\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe O4 - HKLM\..\Run: [DivXUpdate] "C:\Programme\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\WINDOWS\TEMP\E_SE4.tmp" /EF "HKCU" O4 - HKCU\..\Run: [svchost.exe] C:\Dokumente und Einstellungen\user\Anwendungsdaten\DbqjTCEYBGTdyM\zlNjiKrJuyZyKE\3.10.25.5044\svchost.exe O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\menuext.html O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe O23 - Service: ServiceLayer - Nokia - C:\Programme\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- End of file - 9315 bytes Hier mal mein Anti Malewarebytes Log Bitte um Hilfe. Problem ist ja oben schon beschrieben. Malwarebytes Anti-Malware (Test) 1.61.0.1400 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.06.26.07 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 user :: USER-7DAA30691B [Administrator] Schutz: Aktiviert 26.06.2012 19:15:21 mbam-log-2012-06-26 (19-15-21).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 210775 Laufzeit: 5 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 1 HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SETUP.EXE (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchost.exe (Trojan.Agent) -> Daten: C:\Dokumente und Einstellungen\user\Anwendungsdaten\DbqjTCEYBGTdyM\zlNjiKrJuyZyKE\3.10.25.5044\svchost.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 3 HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\BetterInstaller.exe (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\setup.exe (Heuristics.Shuriken) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\is-ABQ9U.tmp\is-ABQ9U.tmp.exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Malewarebytes Log ist erstellt. OTL TXT Code:
ATTFilter OTL logfile created on: 26.06.2012 19:40:18 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,63% Memory free 3,85 Gb Paging File | 3,25 Gb Available in Paging File | 84,44% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 1397,25 Gb Total Space | 786,60 Gb Free Space | 56,30% Space Free | Partition Type: NTFS Drive G: | 931,28 Gb Total Space | 139,63 Gb Free Space | 14,99% Space Free | Partition Type: FAT32 Drive I: | 465,76 Gb Total Space | 55,78 Gb Free Space | 11,98% Space Free | Partition Type: NTFS Drive K: | 931,51 Gb Total Space | 54,50 Gb Free Space | 5,85% Space Free | Partition Type: NTFS Computer Name: USER-7DAA30691B | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.26 19:38:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads\OTL.exe PRC - [2012.06.16 06:01:20 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 13:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.01.04 13:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.09.05 15:46:50 | 000,362,200 | ---- | M] (facemoods.com) -- C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe PRC - [2011.07.22 23:45:12 | 009,981,952 | ---- | M] (MPC-HC Team) -- C:\Programme\Media Player Classic - Home Cinema\mpc-hc.exe PRC - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.12.13 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEFE.EXE PRC - [2007.02.20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe PRC - [2006.11.03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MsMpEng.exe ========== Modules (No Company Name) ========== MOD - [2012.06.16 06:01:18 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.12.11 01:08:10 | 000,171,008 | ---- | M] () -- C:\Programme\VistaCodecPack\filters\libbluray.dll MOD - [2011.12.08 22:16:50 | 006,267,396 | ---- | M] () -- C:\Programme\VistaCodecPack\filters\avcodec-lav-53.dll MOD - [2011.12.08 22:16:50 | 000,968,858 | ---- | M] () -- C:\Programme\VistaCodecPack\filters\avformat-lav-53.dll MOD - [2011.12.08 22:16:50 | 000,202,728 | ---- | M] () -- C:\Programme\VistaCodecPack\filters\avutil-lav-51.dll MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll MOD - [2010.07.04 23:32:36 | 000,004,608 | ---- | M] () -- C:\Programme\Unlocker\UnlockerHook.dll MOD - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe MOD - [2009.12.08 19:50:04 | 003,565,056 | ---- | M] () -- C:\Programme\VistaCodecPack\filters\ffdshow.ax MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.09.12 13:46:24 | 000,227,328 | ---- | M] () -- C:\WINDOWS\system32\ac3DX.ax ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.06.16 06:01:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.10.08 06:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2006.11.03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.06.26 19:22:55 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\cpjwek.sys -- (rxtj) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.01.11 15:11:33 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.11.28 14:51:44 | 000,032,896 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\anvsnddrv.sys -- (anvsnddrv) DRV - [2011.11.01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.08.24 21:39:38 | 000,323,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2011.06.02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.11.01 15:38:56 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=4c70d55d000000000000001966670014 IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=4c70d55d000000000000001966670014 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "google.ch" FF - prefs.js..keyword.URL: "hxxp://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&mntrId=4c70d55d000000000000001966670014&q=" FF - prefs.js..network.proxy.http: "109.123.126.253" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.16 17:42:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.16 06:01:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.16 17:42:44 | 000,000,000 | ---D | M] [2012.04.16 12:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions [2012.06.16 05:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\nj6unnts.default\extensions [2012.01.11 15:18:55 | 000,000,000 | ---D | M] (Facemoods) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\nj6unnts.default\extensions\ffxtlbr@Facemoods.com [2012.04.16 20:30:39 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\nj6unnts.default\searchplugins\sweetim.xml [2012.03.18 07:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.14 19:22:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2012.02.22 08:51:35 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NJ6UNNTS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.16 05:50:51 | 000,182,698 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NJ6UNNTS.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.03.10 19:55:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.01.10 19:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.06.16 06:01:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.05.03 20:48:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.16 15:53:38 | 000,002,298 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.05.03 20:48:57 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.05.03 20:48:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.01.11 15:18:55 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml [2012.05.03 20:48:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.03 20:48:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.03 20:48:57 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.04.16 11:28:30 | 000,000,850 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UnlockerAssistant] C:\Programme\Unlocker\UnlockerAssistant.exe () O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) O4 - HKCU..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 212.247.152.14 193.12.150.14 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CD6BB86-1791-4E22-BADE-AF11439D27E6}: DhcpNameServer = 192.168.1.254 212.247.152.14 193.12.150.14 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.10 15:25:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.26 19:10:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes [2012.06.26 19:09:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.26 19:09:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.26 19:09:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.26 19:09:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.06.12 05:54:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Teen Wolf Season 2 [2012.06.09 20:33:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Free Audio Pack [2012.06.09 20:33:51 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll [2012.06.09 20:33:51 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2012.06.09 20:33:51 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2012.06.09 20:33:51 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll [2012.06.09 20:33:51 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll [2012.06.09 20:33:51 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll [2012.06.09 20:33:51 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll [2012.06.09 20:33:51 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll [2012.06.09 20:33:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\FreeAudioPack [2012.06.09 20:33:50 | 000,000,000 | ---D | C] -- C:\Programme\Free mp3 Wma Converter [2012.06.09 20:26:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Hemi Synch [2012.06.09 15:42:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Astralreisen [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.26 19:42:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.26 19:38:19 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{33132427-8F55-4FA9-A26A-3FAA1349C7C8}.job [2012.06.26 19:37:32 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\user\defogger_reenable [2012.06.26 19:22:55 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\cpjwek.sys [2012.06.26 18:39:17 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012.06.26 05:35:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.25 06:53:52 | 000,001,057 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\vso_ts_preview.xml [2012.06.24 12:39:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.06.13 14:42:42 | 000,015,428 | ---- | M] () -- C:\Dokumente und Einstellungen\user\RefEdit.exd [2012.05.31 06:12:50 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.26 19:37:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\user\defogger_reenable [2012.06.26 19:22:54 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpjwek.sys [2012.06.13 14:42:42 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\user\RefEdit.exd [2012.06.09 20:33:51 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2012.06.09 20:33:50 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2012.05.18 19:55:14 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.04.17 07:59:47 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2012.04.16 20:40:08 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll [2012.04.16 16:22:34 | 000,063,684 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012.04.15 13:11:35 | 000,000,597 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AutoGK.ini [2012.03.30 21:41:23 | 000,949,648 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.03.25 12:25:45 | 000,001,586 | ---- | C] () -- C:\Dokumente und Einstellungen\user\.recently-used.xbel [2012.03.14 08:56:36 | 000,000,668 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2012.03.08 18:42:55 | 000,000,469 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini [2012.02.16 07:32:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.08 20:24:45 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\user\default.pls [2012.02.04 22:35:28 | 000,001,057 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\vso_ts_preview.xml [2012.02.04 22:34:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\chrtmp [2012.01.18 11:54:10 | 000,040,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HKCU.reg [2012.01.14 21:03:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2012.01.11 16:53:28 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.11 15:37:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.01.11 15:06:21 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2012.01.11 15:06:21 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2012.01.11 15:06:21 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2012.01.11 15:06:21 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2012.01.11 15:06:21 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2012.01.11 15:06:21 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2012.01.11 15:06:21 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2012.01.11 15:06:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2012.01.11 15:06:21 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2012.01.11 15:06:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2012.01.11 15:06:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2012.01.11 15:06:21 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2012.01.11 15:06:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2012.01.11 15:06:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2012.01.11 15:06:21 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2012.01.11 15:06:21 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2012.01.11 15:06:21 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2012.01.11 15:06:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2012.01.11 15:06:20 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2012.01.11 15:04:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini [2012.01.11 14:40:29 | 003,570,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.01.10 19:06:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012.01.10 18:38:53 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012.01.10 18:38:53 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012.01.10 18:38:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012.01.10 18:38:17 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012.01.10 15:58:32 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2012.01.10 15:58:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.01.10 15:54:09 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2012.01.10 15:28:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.01.10 15:21:52 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012.01.10 14:32:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.12.07 08:53:24 | 004,770,816 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2011.07.12 16:56:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll ========== LOP Check ========== [2012.06.01 06:44:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.04.16 15:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.01.11 15:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.04.16 21:24:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dvdfab [2012.01.11 15:05:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2012.04.16 16:13:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2012.05.10 06:44:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2012.04.16 11:44:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2012.05.10 06:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.04.20 08:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2012.04.01 14:35:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Ultimate [2012.04.01 14:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Ultimate Collection [2012.04.16 15:46:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2012.04.19 08:21:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScreenCapture [2012.04.16 15:44:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2012.03.30 21:01:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2012.04.19 08:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM [2012.05.09 13:33:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.01.11 15:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2012.01.18 11:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VistaCodecs [2012.02.05 11:39:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk [2012.04.20 18:42:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Xilisoft [2012.05.09 13:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AnvSoft [2012.04.20 07:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\avidemux [2012.04.16 15:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Babylon [2012.04.19 08:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\BabylonToolbar [2012.04.16 16:21:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.04.16 17:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DDMSettings [2012.04.16 12:11:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\facemoods.com [2012.06.09 20:34:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\FreeAudioPack [2012.03.03 21:20:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\gtk-2.0 [2012.02.21 07:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ImTOO [2012.03.30 06:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\MAGIX [2012.04.16 11:37:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\No Company Name [2012.05.10 06:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Nokia [2012.01.21 23:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Opera [2012.05.10 06:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PC Suite [2012.04.16 19:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Publish Providers [2012.01.18 10:04:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\QuickStoresToolbar [2012.04.19 08:22:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Softonic [2012.04.18 20:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sony [2012.04.16 19:39:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sony Creative Software Inc [2012.04.16 20:39:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\systweak [2012.01.18 11:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\VistaCodecs [2012.06.25 06:53:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Vso [2012.04.20 18:44:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Xilisoft [2012.06.26 18:39:17 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2012.06.26 19:38:19 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{33132427-8F55-4FA9-A26A-3FAA1349C7C8}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL logfile created on: 26.06.2012 19:40:18 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,63% Memory free 3,85 Gb Paging File | 3,25 Gb Available in Paging File | 84,44% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 1397,25 Gb Total Space | 786,60 Gb Free Space | 56,30% Space Free | Partition Type: NTFS Drive G: | 931,28 Gb Total Space | 139,63 Gb Free Space | 14,99% Space Free | Partition Type: FAT32 Drive I: | 465,76 Gb Total Space | 55,78 Gb Free Space | 11,98% Space Free | Partition Type: NTFS Drive K: | 931,51 Gb Total Space | 54,50 Gb Free Space | 5,85% Space Free | Partition Type: NTFS Computer Name: USER-7DAA30691B | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.26 19:38:45 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads\OTL.exe PRC - [2012.06.16 06:01:20 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.18 15:02:04 | 000,254,696 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.01.04 13:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe PRC - [2012.01.04 13:32:10 | 000,126,504 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclRSSrv.exe PRC - [2011.09.05 15:46:50 | 000,362,200 | ---- | M] (facemoods.com) -- C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe PRC - [2011.07.22 23:45:12 | 009,981,952 | ---- | M] (MPC-HC Team) -- C:\Programme\Media Player Classic - Home Cinema\mpc-hc.exe PRC - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe PRC - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe PRC - [2008.04.14 07:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007.12.13 08:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEFE.EXE PRC - [2007.02.20 11:07:40 | 000,199,752 | ---- | M] (Pinnacle Systems GmbH) -- C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe PRC - [2006.11.03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MsMpEng.exe ========== Modules (No Company Name) ========== MOD - [2012.06.16 06:01:18 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll MOD - [2012.04.04 07:53:56 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2011.12.11 01:08:10 | 000,171,008 | ---- | M] () -- C:\Programme\VistaCodecPack\filters\libbluray.dll MOD - [2011.12.08 22:16:50 | 006,267,396 | ---- | M] () -- C:\Programme\VistaCodecPack\filters\avcodec-lav-53.dll MOD - [2011.12.08 22:16:50 | 000,968,858 | ---- | M] () -- C:\Programme\VistaCodecPack\filters\avformat-lav-53.dll MOD - [2011.12.08 22:16:50 | 000,202,728 | ---- | M] () -- C:\Programme\VistaCodecPack\filters\avutil-lav-51.dll MOD - [2011.05.28 23:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.07.04 23:32:38 | 000,010,752 | ---- | M] () -- C:\Programme\Unlocker\UnlockerCOM.dll MOD - [2010.07.04 23:32:36 | 000,004,608 | ---- | M] () -- C:\Programme\Unlocker\UnlockerHook.dll MOD - [2010.07.04 21:51:26 | 000,017,408 | ---- | M] () -- C:\Programme\Unlocker\UnlockerAssistant.exe MOD - [2009.12.08 19:50:04 | 003,565,056 | ---- | M] () -- C:\Programme\VistaCodecPack\filters\ffdshow.ax MOD - [2008.04.14 07:52:18 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll MOD - [2006.09.12 13:46:24 | 000,227,328 | ---- | M] () -- C:\WINDOWS\system32\ac3DX.ax ========== Win32 Services (SafeList) ========== SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - [2012.06.16 06:01:19 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.10.08 06:50:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.08.27 17:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2006.11.03 20:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MsMpEng.exe -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - [2012.06.26 19:22:55 | 000,054,016 | ---- | M] () [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\cpjwek.sys -- (rxtj) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector) DRV - [2012.01.11 15:11:33 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2011.11.28 14:51:44 | 000,032,896 | ---- | M] (AnvSoft Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\anvsnddrv.sys -- (anvsnddrv) DRV - [2011.11.01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd) DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt) DRV - [2011.11.01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev) DRV - [2011.11.01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc) DRV - [2011.08.24 21:39:38 | 000,323,816 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2011.06.02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\SystemRequirementsLab\cpudrv.sys -- (cpudrv) DRV - [2010.07.04 21:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5) DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2007.11.01 15:38:56 | 004,620,288 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2005.09.23 22:18:32 | 000,171,520 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=4c70d55d000000000000001966670014 IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.babylon.com/web/{searchTerms}?babsrc=browsersearch&babsrc=SP_ss&mntrId=4c70d55d000000000000001966670014 IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10005’ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)" FF - prefs.js..browser.startup.homepage: "google.ch" FF - prefs.js..keyword.URL: "hxxp://isearch.babylon.com/?babsrc=adbartrp&babsrc=SP_ss&mntrId=4c70d55d000000000000001966670014&q=" FF - prefs.js..network.proxy.http: "109.123.126.253" FF - prefs.js..network.proxy.http_port: 8080 FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co" FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.04.16 17:42:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.06.16 06:01:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.04.16 17:42:44 | 000,000,000 | ---D | M] [2012.04.16 12:16:40 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions [2012.06.16 05:50:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\nj6unnts.default\extensions [2012.01.11 15:18:55 | 000,000,000 | ---D | M] (Facemoods) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\nj6unnts.default\extensions\ffxtlbr@Facemoods.com [2012.04.16 20:30:39 | 000,003,915 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\nj6unnts.default\searchplugins\sweetim.xml [2012.03.18 07:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.01.14 19:22:45 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de [2012.02.22 08:51:35 | 000,634,964 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NJ6UNNTS.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.16 05:50:51 | 000,182,698 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\USER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\NJ6UNNTS.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.03.10 19:55:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2012.01.10 19:22:42 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012.06.16 06:01:20 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.05.03 20:48:57 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.16 15:53:38 | 000,002,298 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml [2012.05.03 20:48:57 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.05.03 20:48:57 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.01.11 15:18:55 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml [2012.05.03 20:48:57 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.05.03 20:48:57 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.05.03 20:48:57 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.04.16 11:28:30 | 000,000,850 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: 127.0.0.1 activate.adobe.com O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Programme\Softonic\Softonic\1.5.21.0\bh\Softonic.dll (Softonic.com) O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Programme\Softonic\Softonic\1.5.21.0\SoftonicTlbr.dll (Softonic.com) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com) O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION) O3 - HKCU\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Programme\Gemeinsame Dateien\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Programme\Gemeinsame Dateien\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [DivXUpdate] C:\Programme\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Gemeinsame Dateien\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [UnlockerAssistant] C:\Programme\Unlocker\UnlockerAssistant.exe () O4 - HKLM..\Run: [USBToolTip] C:\Programme\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH) O4 - HKCU..\Run: [EPSON Stylus SX200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [PC Suite Tray] C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Web-Suche - C:\Programme\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 212.247.152.14 193.12.150.14 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CD6BB86-1791-4E22-BADE-AF11439D27E6}: DhcpNameServer = 192.168.1.254 212.247.152.14 193.12.150.14 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Programme\Windows Defender\MpShHook.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.01.10 15:25:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.06.26 19:10:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Malwarebytes [2012.06.26 19:09:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2012.06.26 19:09:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2012.06.26 19:09:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2012.06.26 19:09:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2012.06.12 05:54:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Teen Wolf Season 2 [2012.06.09 20:33:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Free Audio Pack [2012.06.09 20:33:51 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDesign.dll [2012.06.09 20:33:51 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudFile.dll [2012.06.09 20:33:51 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioInfos.dll [2012.06.09 20:33:51 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioVisu.dll [2012.06.09 20:33:51 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudPlayer.dll [2012.06.09 20:33:51 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudioRecord.dll [2012.06.09 20:33:51 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\AudDisplay.dll [2012.06.09 20:33:51 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\WINDOWS\System32\WMAFile.dll [2012.06.09 20:33:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\FreeAudioPack [2012.06.09 20:33:50 | 000,000,000 | ---D | C] -- C:\Programme\Free mp3 Wma Converter [2012.06.09 20:26:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Hemi Synch [2012.06.09 15:42:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Astralreisen [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.26 19:42:13 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.06.26 19:38:19 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{33132427-8F55-4FA9-A26A-3FAA1349C7C8}.job [2012.06.26 19:37:32 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\user\defogger_reenable [2012.06.26 19:22:55 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\cpjwek.sys [2012.06.26 18:39:17 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job [2012.06.26 05:35:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.06.25 06:53:52 | 000,001,057 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\vso_ts_preview.xml [2012.06.24 12:39:51 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2012.06.13 14:42:42 | 000,015,428 | ---- | M] () -- C:\Dokumente und Einstellungen\user\RefEdit.exd [2012.05.31 06:12:50 | 000,002,953 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.26 19:37:32 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\user\defogger_reenable [2012.06.26 19:22:54 | 000,054,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\cpjwek.sys [2012.06.13 14:42:42 | 000,015,428 | ---- | C] () -- C:\Dokumente und Einstellungen\user\RefEdit.exd [2012.06.09 20:33:51 | 000,116,296 | ---- | C] () -- C:\WINDOWS\System32\NCTWMAProfiles.prx [2012.06.09 20:33:50 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2012.05.18 19:55:14 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2012.04.17 07:59:47 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll [2012.04.16 20:40:08 | 000,107,520 | ---- | C] () -- C:\WINDOWS\System32\TAKDSDecoder.dll [2012.04.16 16:22:34 | 000,063,684 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2012.04.15 13:11:35 | 000,000,597 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AutoGK.ini [2012.03.30 21:41:23 | 000,949,648 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.03.25 12:25:45 | 000,001,586 | ---- | C] () -- C:\Dokumente und Einstellungen\user\.recently-used.xbel [2012.03.14 08:56:36 | 000,000,668 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol [2012.03.08 18:42:55 | 000,000,469 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini [2012.02.16 07:32:43 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.02.08 20:24:45 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\user\default.pls [2012.02.04 22:35:28 | 000,001,057 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\vso_ts_preview.xml [2012.02.04 22:34:43 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\chrtmp [2012.01.18 11:54:10 | 000,040,616 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HKCU.reg [2012.01.14 21:03:43 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2012.01.11 16:53:28 | 000,015,872 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.11 15:37:05 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.01.11 15:06:21 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2012.01.11 15:06:21 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2012.01.11 15:06:21 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2012.01.11 15:06:21 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2012.01.11 15:06:21 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2012.01.11 15:06:21 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2012.01.11 15:06:21 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2012.01.11 15:06:21 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2012.01.11 15:06:21 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2012.01.11 15:06:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2012.01.11 15:06:21 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2012.01.11 15:06:21 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2012.01.11 15:06:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2012.01.11 15:06:21 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2012.01.11 15:06:21 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2012.01.11 15:06:21 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2012.01.11 15:06:21 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2012.01.11 15:06:21 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2012.01.11 15:06:20 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2012.01.11 15:04:06 | 000,000,025 | ---- | C] () -- C:\WINDOWS\CDE SX200DEFGIPS.ini [2012.01.11 14:40:29 | 003,570,296 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.01.10 19:06:18 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2012.01.10 18:38:53 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2012.01.10 18:38:53 | 000,285,176 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2012.01.10 18:38:53 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2012.01.10 18:38:17 | 002,130,002 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2012.01.10 15:58:32 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2012.01.10 15:58:15 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.01.10 15:54:09 | 000,081,936 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2012.01.10 15:28:37 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2012.01.10 15:21:52 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2012.01.10 14:32:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2011.12.07 08:53:24 | 004,770,816 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll [2011.07.12 16:56:50 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll ========== LOP Check ========== [2012.06.01 06:44:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVAST Software [2012.04.16 15:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Babylon [2012.01.11 15:10:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite [2012.04.16 21:24:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\dvdfab [2012.01.11 15:05:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EPSON [2012.04.16 16:13:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\espionServerData [2012.05.10 06:44:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Installations [2012.04.16 11:44:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MAGIX [2012.05.10 06:48:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Suite [2012.04.20 08:29:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle [2012.04.01 14:35:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Ultimate [2012.04.01 14:46:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Pinnacle Studio Ultimate Collection [2012.04.16 15:46:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\regid.1986-12.com.adobe [2012.04.19 08:21:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScreenCapture [2012.04.16 15:44:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SmartSound Software Inc [2012.03.30 21:01:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2012.04.19 08:22:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SweetIM [2012.05.09 13:33:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.01.11 15:15:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\UDL [2012.01.18 11:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\VistaCodecs [2012.02.05 11:39:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\vsosdk [2012.04.20 18:42:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Xilisoft [2012.05.09 13:32:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\AnvSoft [2012.04.20 07:56:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\avidemux [2012.04.16 15:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Babylon [2012.04.19 08:22:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\BabylonToolbar [2012.04.16 16:21:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.04.16 17:49:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\DDMSettings [2012.04.16 12:11:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\facemoods.com [2012.06.09 20:34:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\FreeAudioPack [2012.03.03 21:20:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\gtk-2.0 [2012.02.21 07:50:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ImTOO [2012.03.30 06:33:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\MAGIX [2012.04.16 11:37:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\No Company Name [2012.05.10 06:48:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Nokia [2012.01.21 23:09:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Opera [2012.05.10 06:48:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\PC Suite [2012.04.16 19:32:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Publish Providers [2012.01.18 10:04:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\QuickStoresToolbar [2012.04.19 08:22:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Softonic [2012.04.18 20:01:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sony [2012.04.16 19:39:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Sony Creative Software Inc [2012.04.16 20:39:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\systweak [2012.01.18 11:53:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\VistaCodecs [2012.06.25 06:53:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Vso [2012.04.20 18:44:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Xilisoft [2012.06.26 18:39:17 | 000,000,322 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job [2012.06.26 19:38:19 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{33132427-8F55-4FA9-A26A-3FAA1349C7C8}.job ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.06.2012 19:40:18 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,63% Memory free 3,85 Gb Paging File | 3,25 Gb Available in Paging File | 84,44% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 1397,25 Gb Total Space | 786,60 Gb Free Space | 56,30% Space Free | Partition Type: NTFS Drive G: | 931,28 Gb Total Space | 139,63 Gb Free Space | 14,99% Space Free | Partition Type: FAT32 Drive I: | 465,76 Gb Total Space | 55,78 Gb Free Space | 11,98% Space Free | Partition Type: NTFS Drive K: | 931,51 Gb Total Space | 54,50 Gb Free Space | 5,85% Space Free | Partition Type: NTFS Computer Name: USER-7DAA30691B | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung "80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) "4662:TCP" = 4662:TCP:*:Enabled:Emule "4672:UDP" = 4672:UDP:*:Enabled:Emule "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule "C:\Programme\Pinnacle\Studio 15\Programs\RM.exe" = C:\Programme\Pinnacle\Studio 15\Programs\RM.exe:*:Enabled:Render Manager "C:\Programme\Pinnacle\Studio 15\Programs\Studio.exe" = C:\Programme\Pinnacle\Studio 15\Programs\Studio.exe:*:Enabled:Studio "C:\Programme\Pinnacle\Studio 15\Programs\umi.exe" = C:\Programme\Pinnacle\Studio 15\Programs\umi.exe:*:Enabled:umi ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484) "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4 "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager "{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0 "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber "{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B85C4CB2-B352-4BD8-818C-BCE353599107}" = SweetIM for Messenger 3.6 "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.9.347 "{EB5DF19E-75D5-4FF1-AE23-2A9A2E0F2BDD}" = Pinnacle Studio 15 Ultimate Plugins "{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "5513-1208-7298-9440" = JDownloader 0.9 "72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.3.6 "AutoGK" = Auto Gordian Knot 2.55 "Avidemux 2.5" = Avidemux 2.5 (32-bit) "BabylonToolbar" = Babylon toolbar on IE "CDex" = CDex - Open Source Digital Audio CD Extractor "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink_is1" = DVD Shrink 3.2 "DVDFab 8 Qt_is1" = DVDFab 8.1.7.5 (07/04/2012) Qt "E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) "EPSON Scanner" = EPSON Scan "EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall "EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch "facemoods" = Facemoods Toolbar "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2 "HaaliMkx" = Haali Media Splitter "ie8" = Windows Internet Explorer 8 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0 "IrfanView" = IrfanView (remove only) "Knoll Light Factory EZ Studio 15" = Knoll Light Factory EZ Studio 15 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MediaInfo" = MediaInfo 0.7.56 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "MosChip 7830 USB-Ethernet Adapter Device" = MosChip 7830 USB-Ethernet Adapter Device "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "NeroVision!UninstallKey" = Nero Digital "Nokia PC Suite" = Nokia PC Suite "Opera 11.62.1347" = Opera 11.62 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0 "Red Giant ToonIt Studio 15" = Red Giant ToonIt Studio 15 "Screen Capturer" = Screen Capturer "Softonic" = Softonic toolbar on IE and Chrome "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 1.1.11 "VobSub" = VobSub v2.23 (Remove Only) "vsfilter_is1" = DirectVobSub 2.40.3971 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Xvid_is1" = Xvid 1.2.2 final uninstall ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.04.2012 09:43:18 | Computer Name = USER-7DAA30691B | Source = MsiInstaller | ID = 11931 Description = Product: MSXML 6.0 Parser -- Error 1931. The Windows Installer service cannot update the system file C:\WINDOWS\system32\msxml6r.dll because the file is protected by Windows. You may need to update your operating system for this program to work correctly. Package version: 6.0.3883.0, OS Protected version: 6.0.3883.0 Error - 16.04.2012 14:29:55 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung is-abq9u.tmp.exe, Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00d613e0. Error - 20.04.2012 01:59:24 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung player.exe, Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 20.04.2012 02:01:16 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avc.exe, Version 1.0.7.1219, fehlgeschlagenes Modul dvd-plugin.plg, Version 1.0.1.1106, Fehleradresse 0x00005c52. Error - 20.04.2012 02:01:28 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung player.exe, Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 20.04.2012 02:01:28 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avc.exe, Version 1.0.7.1219, fehlgeschlagenes Modul dvd-plugin.plg, Version 1.0.1.1106, Fehleradresse 0x00005c52. Error - 21.04.2012 00:59:32 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avc.exe, Version 1.0.7.1219, fehlgeschlagenes Modul avc.exe, Version 1.0.7.1219, Fehleradresse 0x000074b6. Error - 21.04.2012 00:59:46 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avc.exe, Version 1.0.7.1219, fehlgeschlagenes Modul avc.exe, Version 1.0.7.1219, Fehleradresse 0x000074b6. Error - 06.05.2012 02:53:02 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung divx plus player.exe, Version 10.3.2.6, fehlgeschlagenes Modul qtcore4.dll, Version 4.5.0.0, Fehleradresse 0x000e1b16. Error - 18.05.2012 22:56:12 | Computer Name = USER-7DAA30691B | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. [ System Events ] Error - 22.05.2012 00:26:46 | Computer Name = USER-7DAA30691B | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst avast! Antivirus. Error - 17.06.2012 08:30:07 | Computer Name = USER-7DAA30691B | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.1 für die Netzwerkkarte mit der Netzwerkadresse 001966670014 wurde durch den DHCP-Server 192.168.1.254 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 26.06.2012 12:36:00 | Computer Name = USER-7DAA30691B | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Defender" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 26.06.2012 12:36:18 | Computer Name = USER-7DAA30691B | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 26.06.2012 12:44:12 | Computer Name = USER-7DAA30691B | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.1 für die Netzwerkkarte mit der Netzwerkadresse 001966670014 wurde durch den DHCP-Server 192.168.1.254 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). < End of report > Code:
ATTFilter OTL Extras logfile created on: 26.06.2012 19:40:18 - Run 1 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 60,63% Memory free 3,85 Gb Paging File | 3,25 Gb Available in Paging File | 84,44% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 1397,25 Gb Total Space | 786,60 Gb Free Space | 56,30% Space Free | Partition Type: NTFS Drive G: | 931,28 Gb Total Space | 139,63 Gb Free Space | 14,99% Space Free | Partition Type: FAT32 Drive I: | 465,76 Gb Total Space | 55,78 Gb Free Space | 11,98% Space Free | Partition Type: NTFS Drive K: | 931,51 Gb Total Space | 54,50 Gb Free Space | 5,85% Space Free | Partition Type: NTFS Computer Name: USER-7DAA30691B | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Programme\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "UpdatesDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "FirewallDisableNotify" = 0 "AntiVirusOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "5985:TCP" = 5985:TCP:*:Disabled:Windows-Remoteverwaltung "80:TCP" = 80:TCP:*:Disabled:Windows-Remoteverwaltung - Kompatibilitätsmodus (HTTP eingehend) "4662:TCP" = 4662:TCP:*:Enabled:Emule "4672:UDP" = 4672:UDP:*:Enabled:Emule "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe" = C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe:*:Enabled:Daemonu.exe -- (NVIDIA Corporation) "C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.) "C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software) "C:\Programme\eMule\emule.exe" = C:\Programme\eMule\emule.exe:*:Enabled:eMule "C:\Programme\Pinnacle\Studio 15\Programs\RM.exe" = C:\Programme\Pinnacle\Studio 15\Programs\RM.exe:*:Enabled:Render Manager "C:\Programme\Pinnacle\Studio 15\Programs\Studio.exe" = C:\Programme\Pinnacle\Studio 15\Programs\Studio.exe:*:Enabled:Studio "C:\Programme\Pinnacle\Studio 15\Programs\umi.exe" = C:\Programme\Pinnacle\Studio 15\Programs\umi.exe:*:Enabled:umi ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{015C5B35-B678-451C-9AEE-821E8D69621C}_is1" = PeerBlock 1.0+ (r484) "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v1.5.2.3456 "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2F603A45-D956-496B-81B5-50D782424976}" = SweetPacks Toolbar for Internet Explorer 4.4 "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager "{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI) "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86 "{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0 "{6DE721A5-5E89-4D74-994C-652BB3C0672E}" = Pinnacle Video Treiber "{70C592EC-AE9B-4734-928B-676E824FB41E}" = MFC RunTime files "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage "{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1 "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender "{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5 "{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}" = Nokia PC Suite "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{AEB9948B-4FF2-47C9-990E-47014492A0FE}" = MSXML 6.0 Parser "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.58 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView" = NVIDIA nView 135.95 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86 "{B85C4CB2-B352-4BD8-818C-BCE353599107}" = SweetIM for Messenger 3.6 "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU "{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86 "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86 "{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare "{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.9.347 "{EB5DF19E-75D5-4FF1-AE23-2A9A2E0F2BDD}" = Pinnacle Studio 15 Ultimate Plugins "{EFE3D683-903C-4B58-AB8F-C68C69F33758}" = System Requirements Lab for Intel "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) "5513-1208-7298-9440" = JDownloader 0.9 "72A50F48CC5601190B9C4E74D81161693133E7F7" = Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Any Video Converter Ultimate_is1" = Any Video Converter Ultimate 4.3.6 "AutoGK" = Auto Gordian Knot 2.55 "Avidemux 2.5" = Avidemux 2.5 (32-bit) "BabylonToolbar" = Babylon toolbar on IE "CDex" = CDex - Open Source Digital Audio CD Extractor "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "DVD Decrypter" = DVD Decrypter (Remove Only) "DVD Shrink_is1" = DVD Shrink 3.2 "DVDFab 8 Qt_is1" = DVDFab 8.1.7.5 (07/04/2012) Qt "E0AC723A3DE3A04256288CADBBB011B112AED454" = Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) "EPSON Scanner" = EPSON Scan "EPSON Stylus SX200 Series" = EPSON Stylus SX200 Series Printer Uninstall "EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch "facemoods" = Facemoods Toolbar "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2 "HaaliMkx" = Haali Media Splitter "ie8" = Windows Internet Explorer 8 "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{6748E773-5DA0-4D19-8AA5-273B4133A09B}" = SmartSound Quicktracks for Premiere Elements 9.0 "IrfanView" = IrfanView (remove only) "Knoll Light Factory EZ Studio 15" = Knoll Light Factory EZ Studio 15 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "MediaInfo" = MediaInfo 0.7.56 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "MosChip 7830 USB-Ethernet Adapter Device" = MosChip 7830 USB-Ethernet Adapter Device "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition "NeroVision!UninstallKey" = Nero Digital "Nokia PC Suite" = Nokia PC Suite "Opera 11.62.1347" = Opera 11.62 "QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.1.0 "Red Giant ToonIt Studio 15" = Red Giant ToonIt Studio 15 "Screen Capturer" = Screen Capturer "Softonic" = Softonic toolbar on IE and Chrome "Unlocker" = Unlocker 1.9.1 "VLC media player" = VLC media player 1.1.11 "VobSub" = VobSub v2.23 (Remove Only) "vsfilter_is1" = DirectVobSub 2.40.3971 "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinGimp-2.0_is1" = GIMP 2.6.12 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01009" = Microsoft User-Mode Driver Framework Feature Pack 1.9 "Xilisoft Video Converter Ultimate" = Xilisoft Video Converter Ultimate "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 "XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only) "Xvid_is1" = Xvid 1.2.2 final uninstall ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.04.2012 09:43:18 | Computer Name = USER-7DAA30691B | Source = MsiInstaller | ID = 11931 Description = Product: MSXML 6.0 Parser -- Error 1931. The Windows Installer service cannot update the system file C:\WINDOWS\system32\msxml6r.dll because the file is protected by Windows. You may need to update your operating system for this program to work correctly. Package version: 6.0.3883.0, OS Protected version: 6.0.3883.0 Error - 16.04.2012 14:29:55 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung is-abq9u.tmp.exe, Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00d613e0. Error - 20.04.2012 01:59:24 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung player.exe, Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 20.04.2012 02:01:16 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avc.exe, Version 1.0.7.1219, fehlgeschlagenes Modul dvd-plugin.plg, Version 1.0.1.1106, Fehleradresse 0x00005c52. Error - 20.04.2012 02:01:28 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung player.exe, Version 0.0.0.0, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 20.04.2012 02:01:28 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avc.exe, Version 1.0.7.1219, fehlgeschlagenes Modul dvd-plugin.plg, Version 1.0.1.1106, Fehleradresse 0x00005c52. Error - 21.04.2012 00:59:32 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avc.exe, Version 1.0.7.1219, fehlgeschlagenes Modul avc.exe, Version 1.0.7.1219, Fehleradresse 0x000074b6. Error - 21.04.2012 00:59:46 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avc.exe, Version 1.0.7.1219, fehlgeschlagenes Modul avc.exe, Version 1.0.7.1219, Fehleradresse 0x000074b6. Error - 06.05.2012 02:53:02 | Computer Name = USER-7DAA30691B | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung divx plus player.exe, Version 10.3.2.6, fehlgeschlagenes Modul qtcore4.dll, Version 4.5.0.0, Fehleradresse 0x000e1b16. Error - 18.05.2012 22:56:12 | Computer Name = USER-7DAA30691B | Source = PerfNet | ID = 2004 Description = Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0. [ System Events ] Error - 22.05.2012 00:26:46 | Computer Name = USER-7DAA30691B | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst avast! Antivirus. Error - 17.06.2012 08:30:07 | Computer Name = USER-7DAA30691B | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.1 für die Netzwerkkarte mit der Netzwerkadresse 001966670014 wurde durch den DHCP-Server 192.168.1.254 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). Error - 26.06.2012 12:36:00 | Computer Name = USER-7DAA30691B | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Defender" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 15000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 26.06.2012 12:36:18 | Computer Name = USER-7DAA30691B | Source = Service Control Manager | ID = 7034 Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error - 26.06.2012 12:44:12 | Computer Name = USER-7DAA30691B | Source = Dhcp | ID = 1002 Description = Die IP-Adresslease 192.168.1.1 für die Netzwerkkarte mit der Netzwerkadresse 001966670014 wurde durch den DHCP-Server 192.168.1.254 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet). < End of report > Also gmer.exe lass ich heute nicht mehr durch laufen. Das mache ich Morgen wenn ich von der Arbeit komme vielleicht. Aber aufjeden Fall werde ich einen vollständigen Scan mit Maleware Bytes Morgen machen und auch meine externen Festplatten prüfen lassen. |
29.06.2012, 16:00 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Downloads extram langsam trotz 2000er Leitung Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
__________________Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen! Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten! ESET Online Scanner
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
29.06.2012, 19:23 | #3 |
| Downloads extram langsam trotz 2000er Leitung Eset Onlinescanner lasse ich gerade durchlaufen also Downloads laufen alle wieder normal aber ich kann auf ein paar Websites nicht mehr richtig zugreifen. Na mal sehen was der Log sagt.
__________________So hier der Log von Eset wie gehts weiter? Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=34484ebcac9a8440b5e046ec4333ad26 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-29 07:02:34 # local_time=2012-06-29 09:02:34 (+0100, Westeuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=1024 16777191 100 0 176736 176736 0 0 # compatibility_mode=6143 16777215 0 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 1671 1671 0 0 # scanned=96953 # found=14 # cleaned=14 # scan_time=3840 C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\MyBabylonTB.exe Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\tdll.dll möglicherweise Variante von Win32/Agent.CLKIJTB Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Temp\EBD4375D-BAB0-7891-86A9-216EAEAF7BBC\MyBabylonTB.exe Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarApp.dll Variante von Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarEng.dll Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarsrv.exe möglicherweise Variante von Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\System Volume Information\_restore{D9669184-F9D2-4AB7-8AD9-7E0CA071977C}\RP283\A0064125.dll Variante von Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\System Volume Information\_restore{D9669184-F9D2-4AB7-8AD9-7E0CA071977C}\RP283\A0064126.dll Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\System Volume Information\_restore{D9669184-F9D2-4AB7-8AD9-7E0CA071977C}\RP283\A0064127.exe möglicherweise Variante von Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\System Volume Information\_restore{D9669184-F9D2-4AB7-8AD9-7E0CA071977C}\RP283\A0064128.dll Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C C:\System Volume Information\_restore{D9669184-F9D2-4AB7-8AD9-7E0CA071977C}\RP283\A0064129.dll Win32/Toolbar.Babylon Anwendung (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C |
01.07.2012, 14:28 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Downloads extram langsam trotz 2000er Leitung Sry aber was hat du hier dran nicht verstanden: Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. Du hast nämlich alle Funde mit ESET einfach so löschen lassen! Außerdem hast du den Vollscan mit Malwarebytes vergessen
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Downloads extram langsam trotz 2000er Leitung |
7-zip, adobe, any video converter, babylon toolbar, babylontoolbar, bho, dateisystem, defender, drossel, dsl, einstellungen, excel, explorer, firefox, firefox 13.0.1, fontcache, heuristiks/extra, heuristiks/shuriken, hijack, hijackthis, hkus\s-1-5-18, home, internet, internet browser, internet explorer, jdownloader, langsam, locker, mozilla, msiinstaller, nvidia update, object, performance, plug-in, pup.adware.agent, pup.bundleinstaller.somoto, rundll, search the web, searchscopes, server, softonic, software, super, sweetim, sweetpacks, system, temp, usb, windows, windows internet, windows xp |