Log analysis and evaluation: Laptop very slow and also loud (Windows 7)
18.04.2013, 09:25 | #1 |
| Hi dear Trojaner-Board team, today I unfortunately have to come to you with a problem again, because my mother's laptop is acting up quite a bit. It is a COMPAQ Presario CQ56 with 4 GB RAM, a 300 GB hard drive and a 2.1 GHz dual-core processor, running a 64-bit operating system with Win 7. Now to the actual problem: since my little brother also plays on the laptop and has no idea what he is doing, he installs all sorts of games plus toolbars/programs/etc. The laptop sometimes shuts off by itself when he plays Minecraft, the fan sounds like an airplane taking off, and it hangs quite often. I ran all the scans, but since they contain too many characters, I bundled them in the attachment. I hope you can help me, since the laptop is quite important for my mother (online banking etc.). Kind regards, PowerOpa |
18.04.2013, 09:34 | #2 |
/// Malwareteam / Visitor | Hello PowerOpa, I am smeenk and I will try to help you with your problem.
System scan with ZOEK: Please download zoek.exe from here: http://hijackthis.nl/smeenk/
Please post everything here in CODE tags where possible. Last edited by smeenk (18.04.2013 at 09:41) |
18.04.2013, 10:33 | #3 |
| Step 1: Done. Here is the log:
"C:\Users\Moni\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found "C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" deleted |
18.04.2013, 10:59 | #4 |
/// Malwareteam / Visitor | Laptop very slow and also loud It apparently worked without problems. Open ZOEK again and copy the code below into the text field: Code:
ATTFilter hijackthis; chrdefaults; [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C:];r64 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}];r64 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}];r [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes];r64 "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}";r64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes];r "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}";r uninstall-list; startupall; Post the log file for me. Last edited by smeenk (18.04.2013 at 11:35) |
18.04.2013, 12:42 | #5 |
| Laptop very slow and also loud Done. Here is the log: Code:
ATTFilter Zoek.exe Version 4.0.0.2 Updated 17-April-2013 Tool run by Moni on 18.04.2013 at 13:36:25,51. Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64 Running in: Normal Mode Internet Access Detected ==== Older Logs ====================== C:\zoek-results18.04.2013-1131.log 36413 bytes ==== Registry Fix Code ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== Registry Fix Code x64 ====================== Windows Registry Editor Version 5.00 [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C:] [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-758481354-1503340722-1185920961-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="C:\Users\Moni\AppData\Local\Akamai\netsession_win.exe" "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun" 
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "Akamai NetSession Interface"="C:\Users\Moni\AppData\Local\Akamai\netsession_win.exe" "msnmsgr"="C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background" ==== Startup Registry Enabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s" "SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe " ==== Startup Registry Disabled ====================== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-] "Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\"" ==== Startup Registry Disabled x64 ====================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Exetender_148] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Exetender_148" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\FreeRide Games\\GPlayer.exe\" /schedule 300000" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LogMeIn Hamachi Ui] "key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="LogMeIn Hamachi Ui" "hkey"="HKLM" "command"="\"C:\\Program Files (x86)\\LogMeIn Hamachi\\hamachi-2-ui.exe\" --auto-start" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msnmsgr] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="msnmsgr" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Skype] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Skype" "hkey"="HKCU" "command"="\"C:\\Program Files (x86)\\Skype\\Phone\\Skype.exe\" /minimized /regrun" 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Spiele Post] "key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" "item"="Spiele Post" "hkey"="HKCU" "command"="C:\\Program Files (x86)\\OXXOGames\\GPlayer\\GameCenterNotifier.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AML Device Install.lnk] "path"="C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\AML Device Install.lnk" "backup"="C:\\Windows\\pss\\AML Device Install.lnk.CommonStartup" "backupExtension"=".CommonStartup" "command"="C:\\PROGRA~2\\AMDAVT~1\\bin\\kdbsync.exe aml" "item"="AML Device Install" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Fax] ==== Task Scheduler Jobs ====================== C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14.03.2013 08:48] C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27.10.2012 14:46] C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [27.10.2012 14:46] ==== Reset Google Chrome ====================== C:\users\Moni\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\users\Moni\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== Uninstall List x64 ====================== Adobe Flash Player 11 ActiveX [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player ActiveX] Adobe Flash Player 11 Plugin [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Adobe Flash Player Plugin] Adobe Reader X (10.1.6) - Deutsch 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AC76BA86-7AD7-1031-7B44-AA1000000001}] Akamai NetSession Interface [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Akamai] Akamai NetSession Interface Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Akamai] AMD Accelerated Video Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2344B9D2-1163-4AA9-098D-C2E907C896EB}] AMD APP SDK Runtime [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{503F672D-6C84-448A-8F8F-4BC35AC83441}] AMD AVIVO64 Codecs [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{02012B20-7028-DC8D-E513-8A46A26AE65C}] AMD Catalyst Install Manager [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{B04FC536-A80C-D862-A8A6-16459DB26D41}] AMD Drag and Drop Transcoding [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{55755C6B-6204-BD6A-C0AC-B25DA892EFF0}] AMD Fuel [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8CC4F2B6-07EB-D27F-AFD5-7D9E5ACFAD65}] AMD Media Foundation Decoders [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{BB4923A8-7D17-91A9-B81B-42BD567008F7}] AMD VISION Engine Control Center [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CDA414B-9E1B-82DD-B6C6-D9B9FB96B8D7}] avast Free Antivirus [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\avast] Broadcom 802.11 Wireless LAN Adapter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Broadcom 802.11 Wireless LAN Adapter] Catalyst Control Center InstallProxy [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0160AE9C-7ABB-F615-EDB1-4151DF0D12A8}] Catalyst Control Center Localization All 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B2D15950-F118-BE64-018D-38F8BA86EDBF}] ccc-utility64 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4A2DE0FA-BB5C-4154-CB34-CE0CB920BEAD}] CCC Help Chinese Standard [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{09AC81F2-A4F3-66D6-F25F-1609EF9B3E55}] CCC Help Chinese Traditional [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{98DAE47C-159D-9CE1-F315-69A6AD262995}] CCC Help Czech [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{97C88AC2-BB76-28E0-E327-60D34F986527}] CCC Help Danish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B2B74B47-3CEF-A1E3-88CC-A9F60BBA2DA6}] CCC Help Dutch [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F6DAC07A-B4E9-B018-8D46-7A128E80F067}] CCC Help English [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9B01A62F-5908-23B7-CBB9-307D47FB0158}] CCC Help Finnish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{FEED8571-7B09-0A02-BD38-C28245B264D4}] CCC Help French [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6820C1C5-176F-E45E-2905-76AA8591639B}] CCC Help German [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5505EAB8-9F72-8837-348E-CBF318ADAD46}] CCC Help Greek [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DCEB31F0-3213-0003-3B1E-F7026B1637AA}] CCC Help Hungarian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{591E94FB-F15C-5045-F87A-E0840A540639}] CCC Help Italian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{305B866D-F979-D107-7CD3-9C35E8E07FAD}] CCC Help Japanese 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{061F7A5C-0655-B5E4-6F42-5FFEC0F37721}] CCC Help Korean [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{6C036B50-FBB9-51FD-DEC4-BF4724A37331}] CCC Help Norwegian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CFCEDA9A-1B02-1DD1-A01D-664F0A320A7F}] CCC Help Polish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{664F3F50-AB45-897C-EDFA-095E0ADD5C67}] CCC Help Portuguese [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F800A95D-3CC1-1BBB-05AF-39AC94BCAE06}] CCC Help Russian [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1B5C0E90-65E1-8A0C-C69B-93BA154212A7}] CCC Help Spanish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{17700924-F2F1-CAFB-4B6A-546A031305FA}] CCC Help Swedish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{5075FA17-AD98-C2B7-EA00-5B94C8FA7133}] CCC Help Thai [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1912032B-2FDF-483A-FA2B-1F4A9D73F341}] CCC Help Turkish [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3CCF4608-EE15-B263-DA9A-DF63E42081EF}] Core Temp 1.0 RC4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1] D3DX10 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E09C4DB7-630C-4F06-A631-8EA7239923AF}] Google Chrome [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Google Chrome] Google Update Helper [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}] Java 7 Update 17 (64-bit) 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F86417017FF}] Java Auto Updater [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4A03706F-666A-4037-7777-5F2748764D10}] Java(TM) 6 Update 32 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26A24AE4-039D-4CA4-87B4-2F83216032FF}] Junk Mail filter update [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}] LogMeIn Hamachi [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{106B4413-ACBB-4CDE-8707-587DB9BD77EC}] LogMeIn Hamachi [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\LogMeIn Hamachi] Malwarebytes Anti-Malware Version 1.75.0.1300 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Malwarebytes' Anti-Malware_is1] Mesh Runtime [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8C6D6116-B724-4810-8F2D-D047E6B7D68E}] Messenger Companion [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}] Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}] Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0E3DAF3D-FF69-345A-A99E-1FED304CA083}] Microsoft .NET Framework 4 Extended [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}] Microsoft .NET Framework 4 Extended DEU Language Pack [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{02382870-19C7-3ACD-BBAE-F6E3760947DC}] Microsoft Office Home and Student 2010 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Office14.SingleImage] Microsoft Silverlight [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{8220EEFE-38CD-377E-8595-13398D740ACE}] Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9BE518E6-ECC6-35A9-88E4-87755C07200F}] Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}] Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{196BB40D-1578-3D01-B289-BEFC77A11A1E}] Mozilla Firefox 20.0.1 (x86 de) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Mozilla Firefox 20.0.1 (x86 de)] Mozilla Maintenance Service [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\MozillaMaintenanceService] MSVCRT [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}] MSVCRT_amd64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D0B44725-3666-492D-BEF6-587A14BD9BD9}] Realtek Ethernet Controller Driver 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}] Realtek High Definition Audio Driver [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}] SkypeT 6.3 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}] SOE Web Installer [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\SOE Web Installer] Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\SynTPDeinstKey] System Requirements Lab CYRI [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{943A8D28-80D6-41DC-AE94-81FEB42041BF}] Windows Live Communications Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{D45240D3-B6B3-4FF9-B243-54ECE3E10066}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}] Windows Live Essentials [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinLiveSuite] Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}] Windows Live Family Safety [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{2128559D-BBCD-4744-87F0-7C0CD5CFB464}] Windows Live Fotogalerie [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B113D18C-67B0-4FB7-B329-E89B66194AE6}] Windows Live ID Sign-in Assistant [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}] Windows Live Installer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{0B0F231F-CE6A-483D-AA23-77B364F75917}] Windows Live Language Selector 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{027E5FAB-1476-4C59-AAB4-32EF28520399}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9D56775A-93F3-44A3-8092-840E3826DE30}] Windows Live Mail [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{B1239994-A850-44E2-BED8-E70A21124E16}] Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}] Windows Live Mesh [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{DECDCB7C-58CC-4865-91AF-627F9798FE48}] Windows Live Mesh ActiveX control for remote connections [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C5398A89-516C-4DAF-BA07-EE7949090E56}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}] Windows Live Messenger [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E5B21F11-6933-4E0B-A25C-7963E3C07D11}] Windows Live Messenger Companion Core [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}] Windows Live MIME IFilter [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DA54F80E-261C-41A2-A855-549A144F2F59}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{92EA4134-10D1-418A-91E1-5A0453131A38}] Windows Live Movie Maker [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4E88B54-4777-4659-967A-2EED1E6AFD83}] Windows Live Photo Common [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}] Windows Live Photo Common 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}] Windows Live Photo Gallery [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{3336F667-9049-4D46-98B6-4C743EEBC5B1}] Windows Live PIMT Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83C292B7-38A5-440B-A731-07070E81A64F}] Windows Live Remote Client [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{DF6D988A-EEA0-4277-AAB8-158E086E439B}] Windows Live Remote Client Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}] Windows Live Remote Service [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}] Windows Live Remote Service Resources [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D930AF5C-5193-4616-887D-B974CEFC4970}] Windows Live SOXE [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{682B3E4F-696A-42DE-A41C-4C07EA1678B4}] Windows Live SOXE Definitions [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{200FEC62-3C34-4D60-9CE8-EC372E01C08F}] Windows Live UX Platform [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}] Windows Live UX Platform Language Pack [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{37B33B16-2535-49E7-8990-32668708A0A3}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{859D4022-B76D-40DE-96EF-C90CDA263F44}] Windows Live Writer [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A726AE06-AAA3-43D1-87E3-70F510314F04}] Windows Live Writer 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}] Windows Live Writer Resources [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}] WinRAR 4.11 (32-Bit) [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\WinRAR archiver] ==== HijackThis Entries ====================== R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: avast! 
WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Moni\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Moni\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} -
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: System Store (SystemStore) - Unknown owner - C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe
O23 - Service: System Store Service (SystemStoreService) - Unknown owner - C:\Program Files (x86)\Freemium\SystemStore\SystemStore.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
|
18.04.2013, 13:02 | #6 |
/// Malwareteam / Visitor | Laptop very slow and also loud Looks good, let's continue. Please download AdwCleaner to your desktop.
|
18.04.2013, 13:58 | #7 |
| Laptop very slow and also loud Done. Here is the log: Code:
# AdwCleaner v2.200 - Datei am 18/04/2013 um 14:52:34 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Moni - MONI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Moni\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
Datei Gelöscht : C:\Users\Moni\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\1ClickDownload
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Funmoods
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\Software\iLividSRTB
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Moni\AppData\Roaming\Mozilla\Firefox\Profiles\g2kn9ezw.default\prefs.js

C:\Users\Moni\AppData\Roaming\Mozilla\Firefox\Profiles\g2kn9ezw.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.order.1", "Search Results");
Gelöscht : user_pref("browser.search.selectedEngine", "Search Results");
Gelöscht : user_pref("keyword.URL", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=390&systemid=406&apn[...]

*************************

AdwCleaner[S1].txt - [5721 octets] - [18/04/2013 14:52:34]

########## EOF - C:\AdwCleaner[S1].txt - [5781 octets] ##########
|
18.04.2013, 14:27 | #8 |
/// Malwareteam / Visitor | Laptop very slow and also loud That went great. Step 1: Download the setup of the ESET Online Scanner and save it to the desktop.
Step 2: Please download SecurityCheck (Link 1, Link 2).
Please post in your next reply:
|