Pests of all kinds and how to fight them: PC is slow + Internet keeps dropping (Windows 7) |
20.09.2012, 20:09 | #1 |
| PC is slow + Internet keeps dropping

Hi, I have no direct indications that my PC is infected, but it seems slower to me than it used to be and the Internet connection keeps dropping. So I wanted to ask whether this is due to some kind of virus or the like.

OTL.txt:

Code:
ATTFilter OTL logfile created on: 20.09.2012 20:19:46 - Run 1 OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Daniel\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19298) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,70% Memory free 6,21 Gb Paging File | 5,08 Gb Available in Paging File | 81,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 274,41 Gb Free Space | 61,56% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 19,66 Gb Free Space | 98,30% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.20 20:14:20 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe PRC - [2012.08.09 13:24:32 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.10 15:26:52 | 000,008,704 | ---- | M] (Microsoft) -- C:\Programme\Freemake\CaptureLib\CaptureLibService.exe PRC - [2012.05.08 20:45:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 20:45:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 20:45:23 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2010.05.10 12:14:16 | 000,186,848 | ---- | M] () -- C:\Windows\System32\WinService.exe PRC - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 12:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2008.05.30 16:36:40 | 000,550,160 | ---- | M] (Logitech(c)) -- C:\Programme\Logitech\Z-5 Speakers\Z-5 Speakers.exe PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.11.26 14:31:18 | 001,101,824 | ---- | M] (Ralink Technology, Corp.) -- C:\Programme\RALINK\Common\RaUI.exe PRC - [2007.11.14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.10.15 09:15:08 | 001,410,344 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe PRC - [2007.10.15 09:14:48 | 000,202,024 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMBgMonitor.exe PRC - [2007.06.27 10:18:40 | 000,215,256 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe PRC - [2007.06.27 10:18:20 | 000,293,080 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\CCU_Engine.exe PRC - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe PRC - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe PRC - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) -- 
C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe PRC - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe PRC - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe PRC - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe PRC - [2007.06.27 10:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe PRC - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe PRC - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2010.02.11 07:30:38 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2008.05.30 16:36:38 | 000,144,656 | ---- | M] () -- C:\Programme\Logitech\Z-5 Speakers\LMPMdllExport.dll MOD - [2008.04.24 11:35:32 | 000,249,856 | ---- | M] () -- C:\Programme\Logitech\Z-5 Speakers\wxmsw28u_skin_vc_custom.dll MOD - [2008.04.24 11:35:20 | 002,428,928 | ---- | M] () -- C:\Programme\Logitech\Z-5 Speakers\wxmsw28u_core_vc_custom.dll MOD - [2008.04.24 11:35:12 | 000,618,496 | ---- | M] () -- C:\Programme\Logitech\Z-5 Speakers\wxmsw28u_adv_vc_custom.dll MOD - [2008.04.24 11:33:32 | 000,106,496 | ---- | M] () -- C:\Programme\Logitech\Z-5 Speakers\wxbase28u_xml_vc_custom.dll MOD - [2008.04.24 11:33:30 | 000,958,464 | ---- | M] () -- C:\Programme\Logitech\Z-5 Speakers\wxbase28u_vc_custom.dll 
========== Services (SafeList) ========== SRV - [2012.09.07 18:04:19 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.08.30 19:31:19 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.08.25 13:02:16 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.05.10 15:26:52 | 000,008,704 | ---- | M] (Microsoft) [Auto | Running] -- C:\Programme\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture) SRV - [2012.05.08 20:45:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.08 20:45:23 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.05.10 12:14:16 | 000,186,848 | ---- | M] () [Auto | Running] -- C:\Windows\System32\WinService.exe -- (SCM_Service) SRV - [2010.02.21 01:05:18 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS) SRV - [2009.08.18 12:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) 
[On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.04.11 08:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc) SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2007.06.27 10:18:08 | 000,223,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) SRV - [2007.06.27 10:17:26 | 000,272,600 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager) SRV - [2007.06.27 10:17:12 | 000,446,680 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) SRV - [2007.06.27 10:16:02 | 000,157,912 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) SRV - [2007.06.27 10:15:28 | 000,039,640 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) SRV - [2007.06.27 10:15:14 | 000,059,096 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM) SRV - [2007.06.27 10:14:46 | 000,317,656 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) SRV - [2007.06.27 10:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- 
(M1 Server) SRV - [2007.02.12 11:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService) SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- D:\Medion\WinFlash.sys -- (WINFLASH) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | Disabled | Stopped] -- system32\DRIVERS\nvlddmkm.sys -- (nvlddmkm) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - [2012.05.08 20:45:23 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 20:45:23 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.08.19 00:46:06 | 000,026,112 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tapoas.sys -- (tapoas) DRV - [2011.07.01 11:46:40 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901) DRV - [2011.06.12 12:20:59 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- 
(IntelDH) DRV - [2011.02.11 23:23:34 | 000,035,088 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf) DRV - [2010.11.01 06:08:46 | 000,014,416 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Programme\IObit\Game Booster 3\Driver\WinRing0.sys -- (WinRing0_1_2_0) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.06.17 18:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 18:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 18:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.06.17 18:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi) DRV - [2008.01.18 21:55:22 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir) DRV - [2008.01.08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2007.12.26 10:46:00 | 000,288,768 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v2.sys -- (RTL8187) DRV - [2007.11.21 11:35:06 | 000,569,344 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007.06.27 10:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP) DRV - [2007.06.19 11:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) DRV - [2007.02.18 20:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr) DRV - [2007.01.19 03:20:54 | 000,021,728 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{33D00C23-F804-48D0-9DFA-FB2D289A6BA6}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultthis.engineName: "Winload Customized Web Search" FF - 
prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.137.0 FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.66.2 FF - prefs.js..extensions.enabledAddons: foxyproxy@eric.h.jung:3.6.2 FF - prefs.js..extensions.enabledAddons: longurlplease@darragh.curran:0.5.1 FF - prefs.js..extensions.enabledAddons: netvideohunter@netvideohunter.com:1.9.1 FF - prefs.js..extensions.enabledAddons: fmdownloader@gmail.com:1.0.0 FF - prefs.js..extensions.enabledAddons: donottrackplus@abine.com:2.2.1.829 FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.2 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15 FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3 FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120910 FF - prefs.js..network.proxy.autoconfig_url: "file:///C:\\Users\\Daniel\\AppData\\Local\\Temp\\proxtube.pac" FF - prefs.js..network.proxy.no_proxies_on: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmdownloader@gmail.com: C:\Program Files\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ [2012.05.22 11:22:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 18:04:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 18:04:16 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.07 18:04:19 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.09.07 18:04:16 | 000,000,000 | ---D | M] [2011.07.05 17:38:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2012.09.20 17:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0qjuhz4z.default\extensions [2012.09.20 17:35:10 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0qjuhz4z.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.05.11 15:45:31 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0qjuhz4z.default\extensions\battlefieldheroespatcher@ea.com [2011.10.27 16:53:48 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0qjuhz4z.default\extensions\battlefieldplay4free@ea.com [2012.08.31 15:44:01 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- 
C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0qjuhz4z.default\extensions\donottrackplus@abine.com [2012.05.21 20:54:20 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0qjuhz4z.default\extensions\foxyproxy@eric.h.jung [2012.09.16 14:17:40 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0qjuhz4z.default\extensions\ich@maltegoetz.de [2012.01.27 18:14:08 | 000,000,000 | ---D | M] ("NetVideoHunter") -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0qjuhz4z.default\extensions\netvideohunter@netvideohunter.com [2012.09.06 19:55:11 | 000,029,003 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\0qjuhz4z.default\extensions\groovesharkUnlocker@overlord1337.xpi [2012.07.18 20:02:32 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\0qjuhz4z.default\extensions\longurlplease@darragh.curran.xpi [2012.07.25 18:27:42 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\0qjuhz4z.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.13 20:45:28 | 000,698,867 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\0qjuhz4z.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.08.29 22:56:22 | 000,007,915 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\0qjuhz4z.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js [2012.09.07 18:04:15 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.09.07 18:04:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.07 18:04:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.05.22 11:22:00 | 000,000,000 | ---D | M] (Freemake Video Downloader Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO DOWNLOADER\BROWSERPLUGIN\FIREFOX [2012.09.07 18:04:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.07 18:04:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.09.07 18:04:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.21 20:33:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 13:19:56 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.21 20:33:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.21 20:33:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.21 20:33:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.21 20:33:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.com CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program 
Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Freemake np-plugin for google chrome (Enabled) = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\npFreemake.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program 
Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.1.2_0\ CHR - Extension: YouTube = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Freemake Video Downloader = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf\1.0.0_0\ CHR - Extension: Google-Suche = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Do Not Track Plus = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.0.510_0\ CHR - Extension: AdBlock = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.42_0\ CHR - Extension: Google Mail = C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) 
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CCUTRAYICON] C:\Programme\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel(R) Corporation) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Z-5 Speakers] C:\Programme\Logitech\Z-5 Speakers\Z-5 Speakers.exe (Logitech(c)) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) 
O8 - Extra context menu item: Free YouTube Download - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7C387F59-CEC1-4367-8335-635FDA88E300}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E392EB34-C582-4F70-BB8A-AC918624B9AC}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) 
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.09.20 20:14:18 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2012.09.17 21:25:53 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Wirtschaftspraktikum [2012.09.10 16:41:11 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\fontconfig [2012.09.10 16:41:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\gegl-0.2 [2012.09.10 16:41:09 | 000,000,000 | ---D | C] -- C:\Users\Daniel\.gimp-2.8 [2012.09.10 16:31:13 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2 [2012.09.09 13:29:42 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\gegl-0.0 [2012.09.08 15:30:51 | 000,360,448 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe [2012.09.08 15:30:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\FreeFLVConverter [2012.09.08 15:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter [2012.09.08 15:29:46 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Mediachance [2012.09.08 15:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EditStudio6 [2012.09.08 15:28:17 | 000,000,000 | ---D | C] -- C:\Program Files\EditStudio6 [2012.09.07 18:04:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2012.09.05 22:09:35 | 000,000,000 | R--D | C] -- C:\Program Files\Skype [2012.09.05 22:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.05 22:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.09.02 14:29:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\Socusoft Photo to Video Converter [2012.09.02 14:29:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Socusoft [2012.08.30 19:32:21 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Documents\my games [2012.08.28 22:46:29 | 000,000,000 | ---D | C] -- C:\Program 
Files\FreePDF_XP [2012.08.28 22:46:28 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\FreePDF [2012.08.28 22:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\gs [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.09.20 20:18:10 | 000,000,000 | ---- | M] () -- C:\Users\Daniel\defogger_reenable [2012.09.20 20:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.20 20:17:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.20 20:16:11 | 000,302,592 | ---- | M] () -- C:\Users\Daniel\Desktop\td2lf3bt.exe [2012.09.20 20:14:20 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2012.09.20 20:14:03 | 000,050,477 | ---- | M] () -- C:\Users\Daniel\Desktop\Defogger.exe [2012.09.20 19:38:59 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.20 19:38:59 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.20 19:24:14 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.20 17:38:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.20 17:38:52 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2012.09.19 22:21:05 | 000,006,088 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\wklnhst.dat [2012.09.19 17:11:12 | 000,055,296 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.09.14 19:20:34 | 000,013,772 | ---- | M] () -- C:\Users\Daniel\AppData\Local\recently-used.xbel [2012.09.09 23:11:27 | 000,409,256 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.09.07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.09.05 20:07:13 | 000,000,024 | ---- | M] () -- 
C:\Users\Daniel\random.dat [2012.09.05 20:00:54 | 000,000,046 | ---- | M] () -- C:\Users\Daniel\jagex_cl_runescape_LIVE1.dat [2012.09.05 20:00:54 | 000,000,032 | ---- | M] () -- C:\Users\Daniel\jagex_cl_runescape_LIVE.dat [2012.09.03 16:14:13 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2012.08.31 20:10:08 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.08.28 22:29:05 | 000,012,288 | ---- | M] () -- C:\Users\Daniel\Documents\lebenslauf daniel.wps [2012.08.28 22:26:04 | 000,011,264 | ---- | M] () -- C:\Users\Daniel\Documents\stenaline.wps [2012.08.26 21:46:42 | 000,014,848 | ---- | M] () -- C:\Users\Daniel\Documents\spanien2012.wps [2012.08.26 20:46:50 | 000,010,752 | ---- | M] () -- C:\Users\Daniel\Documents\spanienhandout.wps [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.09.20 20:18:10 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\defogger_reenable [2012.09.20 20:16:10 | 000,302,592 | ---- | C] () -- C:\Users\Daniel\Desktop\td2lf3bt.exe [2012.09.20 20:14:03 | 000,050,477 | ---- | C] () -- C:\Users\Daniel\Desktop\Defogger.exe [2012.09.14 19:20:34 | 000,013,772 | ---- | C] () -- C:\Users\Daniel\AppData\Local\recently-used.xbel [2012.09.10 16:33:05 | 000,000,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk [2012.09.08 15:30:50 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx [2012.09.08 15:30:50 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb [2012.09.08 15:30:50 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx [2012.08.28 22:46:29 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll [2012.08.28 22:46:29 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe [2012.08.28 22:04:15 | 000,011,264 | ---- | C] () -- C:\Users\Daniel\Documents\stenaline.wps [2012.08.26 20:10:27 | 000,010,752 | ---- | C] () -- 
C:\Users\Daniel\Documents\spanienhandout.wps [2012.08.22 19:41:41 | 000,014,848 | ---- | C] () -- C:\Users\Daniel\Documents\spanien2012.wps [2012.08.05 18:47:53 | 000,010,240 | ---- | C] () -- C:\Users\Daniel\bewerbung provinzial.wps [2012.08.01 16:27:23 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.06.26 17:35:37 | 000,000,050 | ---- | C] () -- C:\Users\Daniel\jagex_cl_runescape_LIVE_BETA.dat [2012.06.26 17:35:37 | 000,000,024 | ---- | C] () -- C:\Users\Daniel\random.dat [2012.04.20 15:27:25 | 000,186,848 | ---- | C] () -- C:\Windows\System32\WinService.exe [2012.04.15 18:24:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012.03.22 23:24:32 | 000,695,578 | ---- | C] () -- C:\Windows\System32\unins000.exe [2012.03.22 23:24:32 | 000,001,071 | ---- | C] () -- C:\Windows\System32\unins000.dat [2012.03.05 16:40:26 | 000,000,683 | ---- | C] () -- C:\Users\Daniel\NETGEAR WG111v2 Smart Wizard.lnk [2012.02.21 14:09:25 | 000,000,004 | ---- | C] () -- C:\Users\Daniel\cache.dat [2012.01.10 17:21:04 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2011.12.23 14:46:54 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat [2011.12.15 21:18:26 | 000,000,046 | ---- | C] () -- C:\Users\Daniel\jagex_cl_runescape_LIVE1.dat [2011.11.05 15:13:21 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\AppData\Local\{7ABD599E-CFB6-40C2-BAE3-3B2AA8CFEF29} [2011.11.03 17:30:31 | 000,000,032 | ---- | C] () -- C:\Users\Daniel\jagex_cl_runescape_LIVE.dat [2011.10.16 13:14:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2011.08.03 14:12:52 | 000,087,364 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2011.07.18 18:15:09 | 000,055,296 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.25 22:21:33 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2011.06.25 22:21:33 | 
000,138,056 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\PnkBstrK.sys [2011.06.25 22:21:02 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2011.06.25 22:21:00 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2011.06.20 14:39:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2011.06.20 14:39:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.06.17 11:33:51 | 000,000,129 | ---- | C] () -- C:\Users\Daniel\jagex_runescape_preferences2.dat [2011.06.17 11:33:18 | 000,000,035 | ---- | C] () -- C:\Users\Daniel\jagex_runescape_preferences.dat [2011.06.16 21:47:05 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2011.06.16 19:51:38 | 000,006,088 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\wklnhst.dat [2011.06.12 13:09:31 | 000,009,824 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll [2011.06.12 12:42:30 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe [2011.06.12 11:30:48 | 000,002,032 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat [2011.05.31 08:39:50 | 000,058,368 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll [2011.05.31 08:38:18 | 000,015,360 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll [2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.02.11 23:23:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini ========== LOP Check ========== [2012.08.29 17:27:47 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\.minecraft [2012.02.17 15:51:45 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\AnvSoft [2012.08.25 20:00:59 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\avidemux [2012.03.12 16:40:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Canon [2012.02.26 16:42:48 | 
000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoft [2011.11.05 14:15:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.08 15:30:54 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FreeFLVConverter [2012.08.28 22:49:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FreePDF [2012.09.09 18:50:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\gtk-2.0 [2012.05.18 14:36:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\JonDo [2011.06.16 19:30:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Leadertech [2011.08.03 13:05:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\LolClient [2012.02.24 17:00:35 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\MAGIX [2012.03.22 22:51:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Orbit [2011.11.26 19:26:42 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Origin [2012.03.22 22:46:35 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProgSense [2012.08.09 16:16:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Soldat [2012.05.30 21:31:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Solveig Multimedia [2011.06.16 19:51:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Template ========== Purity Check ========== < End of report > Code:
OTL Extras logfile created on: 20.09.2012 20:19:46 - Run 1 OTL by OldTimer - Version 3.2.64.0 Folder = C:\Users\Daniel\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19298) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 63,70% Memory free 6,21 Gb Paging File | 5,08 Gb Available in Paging File | 81,79% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 274,41 Gb Free Space | 61,56% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 19,66 Gb Free Space | 98,30% Space Free | Partition Type: NTFS Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{230DD1F2-5CB7-4B7E-B278-D4A8BF107001}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery | "{29C653CA-A2B9-4753-8B67-27C7271970CA}" = lport=137 | protocol=17 | dir=in | app=system | "{36C28C9C-1BDB-4D4B-BCD0-A1B00EC63150}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3BEE5BF4-D706-4C40-AE5D-32E6A4CC5AFC}" = rport=138 | protocol=17 | dir=out | app=system | "{476D420A-BC11-48DC-847B-CB24D45145F5}" = lport=138 | protocol=17 | dir=in | app=system | "{4B93DB55-969F-4653-A128-5F6C01E4343A}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{50A307A7-2FDB-4350-9C4E-E6CC64425800}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{5E0091F4-4E54-400D-95A2-31751B495F11}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{64F0BC97-1649-4EB5-9622-4D3C8E8989AB}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | "{65F79044-5F89-4B05-9C5D-A3BD3FD9F9C7}" = lport=rpc | protocol=6 | 
dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{66AAFB45-9710-4402-869A-A1C0C80DD39D}" = lport=445 | protocol=6 | dir=in | app=system | "{6B8560E1-FAFD-4412-883C-62B02EEFE743}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{72804330-F1AD-446F-8F3C-D720388D73DE}" = rport=445 | protocol=6 | dir=out | app=system | "{772405A6-A4EB-41F2-A4ED-9C58A8612B6B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{83809C5F-1A01-4631-806C-093A38C40E00}" = lport=139 | protocol=6 | dir=in | app=system | "{89BE2499-6A4A-40BD-8EBF-CECE1825B885}" = rport=137 | protocol=17 | dir=out | app=system | "{C1FAB1ED-9A99-4BAD-B593-BA1DC445F4C6}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{DFB81C3F-8ECE-473D-BD31-AF3DC4FFBEE8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{EA411FAD-6809-415C-B55A-C12C434F6500}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{EE11957A-8D28-44D8-A4C7-EABE88F9ED94}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery | "{FABAF256-E3FE-4067-8E3F-7FE27E44850D}" = rport=139 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{018BACDA-1902-4D84-9D2B-EAE6793F5383}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{024B22E8-3863-43B7-AB89-8678F1247756}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe | "{04986A53-0CDB-49B5-87BA-F3E8A092FEE5}" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | "{06D13324-0E7F-4D3E-B9D9-12AE60625135}" = protocol=6 | dir=in | app=c:\users\daniel\desktop\spiele\vindictus 
eu\en-eu\nmservice.exe | "{123246FD-5C69-48F8-B87A-DA7D2FB82A3C}" = protocol=17 | dir=in | app=c:\users\daniel\desktop\spiele\vindictus eu\en-eu\nmservice.exe | "{2292342B-7014-4E36-971C-89D40B1A6BE7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\alien breed 2 assault\binaries\alienbreed2assault.exe | "{28163A86-E0B0-42B9-BB2E-4C3FCF7DD4D5}" = dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | "{28536A4F-7966-4C62-8E5D-48F1074FB396}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{3A47F22C-3AC0-45D0-A224-10711ED37DA6}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{3EF0371F-0BAF-49FF-BDE1-AC820200F77E}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | "{4204EAF3-8DBE-4BC2-BE31-E9A13599E700}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{4A05EC8B-089B-4B63-9FC3-B5D03542C1DE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{521589F7-846F-453B-A396-A6C4F0C401A3}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | "{548BD206-2A37-40C7-831D-9B353B31F372}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{5A4666B1-6138-42A8-B52F-E46D4D7A5ABF}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{5F2E4BE1-E69B-4C03-BA98-2E2209FC0CC0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | "{630CAE9D-82B9-448E-87F5-F947E67C45C7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{6A9F37A6-97F2-4AC0-9F82-6E713E0611E7}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{6B141568-CABA-448C-8C05-D0BA341ADDEA}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | 
"{710C4E6E-0EB5-4526-8B88-D36A4E27E1AE}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | "{772C6652-E840-40E6-B1C0-5A71D3856B3B}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{77B4FE8F-E78F-4D61-BC8F-F250619D24ED}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{7F41BFF9-2E5F-4958-A4EE-2C3D6D22FC51}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{82F7C682-99BD-4CF6-A300-F8822F49F356}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{8B21A174-3DFC-468F-B1A2-59F16C20C166}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{8CBD8BA0-413B-4B6B-8D24-FEB151DD42C2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | "{968CB435-01EB-408B-8909-B792A2911EEC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\dawn of war 2\dow2.exe | "{9992E2F8-CCE6-40BF-B603-9F7951444440}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | "{9C6546A4-5C9F-4D09-A0D5-947F8F29DA80}" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires iii\age3.exe | "{9F5D4DFE-9122-4D4A-AB4D-D50FAA467D1E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{A1514DD0-401F-4BEA-82B5-D1F6378C8154}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{A5175535-B2EE-48D5-9617-450764280E04}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe | "{A7E0D1B7-CE13-430B-B3B7-D75D9C6ABEF0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{C582DBE4-B817-4701-90C0-8D4CEA55A00F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{CEBC4A16-9A57-48F4-8CE8-AE3CAABCE528}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{D13F8B56-F005-4280-AF3F-2F4274143616}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media 
server\shells\remote ui service.exe | "{D3F897FE-E3A1-453B-BCCC-F19E909045D2}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{D99213A3-C434-45E0-BFC8-8DE1B624052A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{F0D9FDA1-0692-4D7D-A13A-C4CF1F4CB665}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{F8A38E5A-7C2B-472D-9F56-FFC166EF6115}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{F8FB8EF9-7CF1-4DFC-AA72-B4651E235101}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{FDCB6D92-F3A7-4663-B5A1-F9ACBDE62DB2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "TCP Query User{12EC7F12-3BF0-40A7-896A-3721F148CF04}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "TCP Query User{2E55B762-F7AA-43AA-871D-1E2A8F224EAB}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{AD948801-78A1-41F9-9230-F23F62D12852}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{D6B43769-C5B7-43AE-AC08-F9330EDDEE1C}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | "UDP Query User{628FC5A3-4F05-4F8D-B394-81290D8453D8}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{62DB8704-D200-44FD-A0EA-600B14F8753C}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | "UDP Query User{9A1CE7A7-09B9-4DF1-A9ED-EA271192312A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "UDP Query 
User{B084733F-CDF5-46C6-AA6B-3A1C5850EE5E}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35 "{2758691A-2CDE-4942-A4AC-0E8F61FE2067}" = USB Video Driver "{289AC7E0-0AEE-4a7b-913C-709D9803D23E}" = Nexon Game Manager "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink Wireless LAN "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4102037D-E8E0-48E0-B203-E521D194FB71}" = NETGEAR WG111v2 wireless USB 2.0 adapter "{47FDEFC7-BFE6-FD75-41D1-28DD572BD2D9}" = ATI Catalyst Install Manager "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5BB977A4-E843-4E31-9859-745F442B1031}" = Nero 8 Essentials "{620CAD2D-0757-43A9-AA5F-C8D48A1E4D85}_is1" = BigMacroTool 1.5 
"{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}" = ATI AVIVO Codecs "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv™ Software "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer "{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel(R) PRO Network Connections 12.2.41.0 "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 
"{C0E8FE43-C35B-451D-B35F-D4BD056D70E7}" = Camtasia Studio 7 "{C314AD4A-1715-40DD-9C20-04EF3D22598B}" = Logitech Z-5 "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F112F66E-25CA-42DD-983C-6118EB38F606}" = Microsoft Games for Windows - LIVE "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "69083DC58646DE46A09847A522A1CC487F918039" = Windows-Treiberpaket - eMPIA Technology Inc, (emAudio) MEDIA (08/31/2007 5.7.0831.0) "Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AstrumNival Allods" = Allods Online 2.0.06.42 "Avidemux 2.5" = Avidemux 2.5 (32-bit) "Avira AntiVir Desktop" = Avira Free Antivirus "BandiMPEG1" = Bandisoft MPEG-1 Decoder "CamStudio Lossless Codec_is1" = CamStudio Lossless Codec v1.4 "Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "CCleaner" = CCleaner "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "EditStudio_is1" = EditStudio 6.0.5 "ffdshow_is1" = ffdshow [rev 3154] [2009-12-09] "Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 2.0.0.1228 "Free YouTube Download_is1" = Free YouTube Download version 3.0.16.923 "Freemake Video Downloader_is1" = Freemake Video Downloader "Game Booster_is1" = Game Booster 3 
"GIMP-2_is1" = GIMP 2.8.2 "G'MIC for GIMP_is1" = G'MIC for GIMP Version 1.5.1.9 "Google Chrome" = Google Chrome "InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}" = Age of Empires III "Intel(R) Configuration Center" = Intel® Viiv™ Software "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "MediaInfo" = MediaInfo 0.7.57 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "Origin" = Origin "Picasa 3" = Picasa 3 "PROSetDX" = Intel(R) PRO Network Connections 12.2.41.0 "PunkBusterSvc" = PunkBuster Services "Redirection Port Monitor" = RedMon - Redirection Port Monitor "Soldat_is1" = Soldat 1.6.2 "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™ "Steam App 22650" = Alien Breed 2: Assault "Steam App 240" = Counter-Strike: Source "Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™ "Vindictus EU" = Vindictus EU "VLC media player" = VLC media player 1.1.11 "WinPcapInst" = WinPcap 4.1.2 "WinRAR archiver" = WinRAR 4.01 (32-Bit) "X10Hardware" = X10 Hardware(TM) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes 
"InstallShield_{6530FDAA-5B1F-4830-95BB-650E9804D239}" = UE3Redist "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 07.05.2012 14:44:57 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4621 Description = Error - 08.05.2012 08:41:46 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4621 Description = Error - 08.05.2012 17:13:30 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4621 Description = Error - 09.05.2012 10:03:07 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4621 Description = Error - 09.05.2012 16:19:43 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4621 Description = Error - 10.05.2012 15:58:20 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4621 Description = Error - 10.05.2012 17:28:58 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4621 Description = Error - 11.05.2012 05:26:54 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4621 Description = Error - 11.05.2012 08:57:38 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4621 Description = Error - 12.05.2012 07:19:00 | Computer Name = Daniel-PC | Source = EventSystem | ID = 4621 Description = [ IntelDH Events ] Error - 30.08.2012 07:19:45 | Computer Name = Daniel-PC | Source = TrayIcon | ID = 15 Description = A CCU internal function detected an error: CCU_TrayIcon::Shell_NotifyIcon failed when trying to hide icon Error - 30.08.2012 07:19:45 | Computer Name = Daniel-PC | Source = TrayIcon | ID = 15 Description = A CCU internal function detected an error: CCU_TrayIcon::Shell_NotifyIcon failed when trying to hide icon [ Media Center Events ] Error - 16.06.2011 13:22:45 | Computer Name = Daniel-PC | Source = ehRecvr | ID = 4 Description = [ System Events ] Error - 19.09.2012 09:21:31 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001 Description = Error - 19.09.2012 09:21:31 | Computer Name = Daniel-PC 
| Source = Service Control Manager | ID = 7026 Description = Error - 19.09.2012 12:37:25 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001 Description = Error - 19.09.2012 12:37:25 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026 Description = Error - 20.09.2012 04:47:02 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001 Description = Error - 20.09.2012 04:47:02 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026 Description = Error - 20.09.2012 09:19:43 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001 Description = Error - 20.09.2012 09:19:43 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026 Description = Error - 20.09.2012 11:40:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001 Description = Error - 20.09.2012 11:40:34 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7026 Description = < End of report > Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-20 21:01:22
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD5000AACS-00ZUB0 rev.01.01B01
Running: td2lf3bt.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uwdirpod.sys

---- Kernel code sections - GMER 1.0.15 ----

.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8FE0A000, 0x267978, 0xE8000020]

---- Registry - GMER 1.0.15 ----

Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN=26F42A7 TREIBER\Windows Vista\Intel\xae Matrix Storage Manager\Setup.exe 1

---- EOF - GMER 1.0.15 ----
21.09.2012, 09:14 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC is slow + Internet keeps dropping

Please start by running a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) scanned!

Remember that Malwarebytes has to be updated manually before every scan! Please remove all of the findings with Malwarebytes so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from the quarantine prematurely! If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

If possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here