Internet problems

I have the problem that my Internet suddenly starts to lag (I notice it especially in a video game); I have also noticed it while browsing YouTube. The video suddenly stops loading and my Internet no longer works, even though it is still connected. Restarting the browser, reconnecting the Internet, none of this works. I have to restart my computer for my Internet to work again. Malwarebytes, AVG Internet Security 2012 and ESET found no viruses. I ran Defogger, but I get a message and the two options Disable and Re-enable, and that I should not click the button without instructions. Here are the log files from the others.

OTL Extras logfile created on: 18.07.2013 01:18:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nerges\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 69,27% Memory free 6,09 Gb Paging File | 5,11 Gb Available in Paging File | 83,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 143,19 Gb Total Space | 72,96 Gb Free Space | 50,95% Space Free | Partition Type: NTFS Drive D: | 143,18 Gb Total Space | 142,94 Gb Free Space | 99,83% Space Free | Partition Type: NTFS Computer Name: NERGES-PC | User Name: nerges | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [Fotoschau] -- "C:\Program Files\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" () Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [Pixum Fotobuch] -- "C:\Program Files\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" () Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 
========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{7AD3376C-347E-46F5-B8E7-34E34E7C8BED}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{C345EEBC-50FB-4E36-9965-32EA6067F1A9}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{15A86B15-ACA3-461F-9A29-75583740A0E6}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{25B68D33-DC16-4FAA-9792-FEBA05B16F0E}" = protocol=6 | dir=in | app=c:\program files\1&1\fboxupd.exe | "{26405D80-6958-48E4-BD95-4C7DD013A938}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{2DC1A03E-25E8-4F4C-8150-F7DA8FBA2C03}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{3AFC9E08-6390-4203-8D15-E888FDF1D9F2}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{3FBB7E09-CE47-4A81-AB75-079E9F83C455}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{4A89A180-A54C-456F-A08A-304A931BD317}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{4EA4A5AD-80DB-4AB5-BAD9-871B25C86BE6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{4FC54D97-FCDA-49F4-8938-590C801B3733}" = protocol=6 | dir=in | app=c:\program files\1&1\webwaigd.exe | "{527EA250-0D2C-4B43-940D-43540029A14B}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\rm.exe | "{57D77CBA-35E2-46E1-9B33-1B016C161D50}" = protocol=17 | dir=in | app=c:\program files\1&1\webwaigd.exe | "{615CC4D0-9C69-407F-BE86-B763FE804F12}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{6295E311-1374-4FAF-BDDB-70DB7181FE60}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | "{677AD9A6-D0C8-4C62-9E37-5C2086C59525}" = protocol=17 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe | "{691532B1-5DA4-4DCA-B17D-18CC73EE8D90}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "{6B256466-A6F0-4136-B7CC-4A828A0923B2}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{7109B2BB-D8EE-4572-AFA7-1CA289E5E770}" = protocol=17 | dir=in | app=c:\program files\1&1\fboxupd.exe | "{7EE7EB38-A430-4F5B-9E1C-58B94BB7C8E0}" = protocol=6 | dir=in | app=c:\program files\garena\garena.exe | "{8232C7CD-8FCA-4051-8F1B-51ED312E54FB}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{82C36A05-1A6C-422B-A42A-D50542418EB6}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{87FB78AD-283D-4550-A0FD-0842B5A42E4E}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{99783AF5-3E2C-42BE-AB04-370992703A39}" = protocol=17 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{9A58B480-5D3A-4881-AA14-110E54A0B98A}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{9D7C6687-39AF-417D-8C90-8658152012F5}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{A329DD6C-1B73-44DD-A38B-44D8D654C753}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\videospin.exe | "{AC90A4B9-F42C-49DD-BCD6-0ECD6D8098C3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B16658EB-6CC8-4D05-B226-90409D702E99}" = protocol=6 | dir=in | app=c:\program files\voipwise.com\voipwise\voipwise.exe | "{B17CE979-74F7-40F7-9AF1-9B09A738919C}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{B5996CC3-646F-4147-94F2-F53EC9673388}" = dir=in | app=c:\program files\common 
files\apple\apple application support\webkit2webprocess.exe | "{B651CA0E-75B2-4FC9-81A5-3A41C9A008D7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | "{BF279619-05D7-497B-A8BE-2137CFB9004F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C47EACBC-1927-4F72-A2B7-F3F03A44F327}" = protocol=17 | dir=in | app=c:\program files\garena\garena.exe | "{C480FF3F-8B21-40A6-9C5C-FE301710ADAE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{C5F18F0B-9AC6-4228-8C8A-C5A74680EDB5}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{C6D0A746-C67F-4725-9BE0-403037EFACD3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{C7984296-D51A-43D7-BFBF-102D65A98638}" = protocol=6 | dir=in | app=c:\program files\pinnacle\videospin\programs\umi.exe | "{C85875EB-D6A4-41F6-9E86-6B68C2DAE271}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{CC92A875-0703-4E1B-8B46-3DB4E252DFE7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{CF2F0374-EFFB-4356-B6D8-B7385F8D65A1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{D94CED39-6BE9-4662-831D-16773BB9DC3C}" = protocol=17 | dir=in | app=c:\program files\1&1\igdctrl.exe | "{EE724978-99D2-4D26-ADC9-D6F12A8845B3}" = protocol=6 | dir=in | app=c:\program files\1&1\igdctrl.exe | "{F49B8B07-0B90-4CAD-A3CE-49D8BB2F45C7}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | "{F61E56FE-7FC7-44C3-9392-D66382E6C8AE}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{F9F6E034-F184-4A64-920D-D46DA0751BFF}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{FD7C5667-573B-49CA-BBBB-19063145A3AB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | "TCP Query 
User{25CF99EA-FC65-44D9-BA07-283B867A8DA2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{CF7F2FC0-F194-4F1F-92C9-C78AFB004D11}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{88F18374-6B7D-4487-A2E8-807F85F799AD}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{D6BE7F55-E5AF-46C4-8514-05B230069073}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02570AE0-BEE0-4A6C-BE3F-D806E9F2EA17}" = ScanSoft PaperPort 11 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25 "{2A05D5FF-6D89-48B6-A078-E197EB33711C}" = AVG 2012 "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile 
Driver "{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer "{30C01299-554C-4B62-BD0F-849F43E01C91}_is1" = Pokemon World Online version 1.83 "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{40034B11-149E-4310-AE89-BB575B02525B}" = LG Internet Kit "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4E9F7AD8-E3EC-4636-BD25-A5AD97E73C64}" = FRITZ!Box starter "{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup "{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0 "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = eMachines ScreenSaver "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11019760}" = eMachines "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110305887}" = Diner Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight 
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5 "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver "{A407FC22-36BF-4C82-A516-59D94BC505A9}" = System Requirements Lab Detection "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars "{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287 
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D1D632A2-E249-466D-A094-B1B934D37645}_is1" = Stronghold Kingdoms "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{D8CD8BBE-81F6-49CB-84D2-A1E616875792}" = AVG 2012 "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG" = AVG 2012 "Avidemux 2.6" = Avidemux 2.6 (32-bit) "CCleaner" = CCleaner "cFosSpeed" = cFosSpeed v9.04 "DivX Setup" = DivX-Setup "DivX Subtitle Displayer_is1" = DivX Subtitle Displayer 5.00 "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ESET Online Scanner" = ESET Online Scanner v3 "EZTitles IV_is1" = EZTitles Demo 4.1.21 "FormatFactory" = FormatFactory 3.0.1 "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Studio_is1" = Free Studio version 5.1.4 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128 "Garena" = Garena 2010 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "HDMI" = Intel(R) Graphics Media Accelerator Driver "HOMESTUDENTR" = Microsoft Office Home and Student 2007 
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "LManager" = Launch Manager "MagicDisc 2.7.106" = MagicDisc 2.7.106 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 22.0 (x86 de)" = Mozilla Firefox 22.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "PFPortChecker" = PFPortChecker 1.0.39 "Pixum Fotobuch" = Pixum Fotobuch "SearchElf_1.2 Toolbar" = SearchElf 1.2 Toolbar "TuneUp Utilities 2012" = TuneUp Utilities 2012 "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "VLC media player" = VLC media player 2.0.5 "Voipwise_is1" = Voipwise "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "XfireXO Toolbar" = XfireXO Toolbar "Yahoo! Companion" = Yahoo! 
Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater "GameRanger" = GameRanger "soe-PlanetSide 2 PSG" = PlanetSide 2 "UnityWebPlayer" = Unity Web Player ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.07.2013 20:40:07 | Computer Name = nerges-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.07.2013 20:40:07 | Computer Name = nerges-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.07.2013 20:40:07 | Computer Name = nerges-PC | Source = Windows Search Service | ID = 3013 Description = Error - 16.07.2013 20:40:07 | Computer Name = nerges-PC | Source = Windows Search Service | ID = 3013 Description = Error - 17.07.2013 16:31:00 | Computer Name = nerges-PC | Source = WinMgmt | ID = 10 Description = Error - 17.07.2013 16:47:18 | Computer Name = nerges-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.07.2013 18:17:43 | Computer Name = nerges-PC | Source = WinMgmt | ID = 10 Description = Error - 17.07.2013 18:18:28 | Computer Name = nerges-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 17.07.2013 18:41:41 | Computer Name = nerges-PC | Source = WinMgmt | ID = 10 Description = Error - 17.07.2013 18:45:45 | Computer Name = nerges-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error encountered while reading event logs. 
< End of report > OTL logfile created on: 18.07.2013 01:18:50 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\nerges\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19088) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,93 Gb Total Physical Memory | 2,03 Gb Available Physical Memory | 69,27% Memory free 6,09 Gb Paging File | 5,11 Gb Available in Paging File | 83,85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 143,19 Gb Total Space | 72,96 Gb Free Space | 50,95% Space Free | Partition Type: NTFS Drive D: | 143,18 Gb Total Space | 142,94 Gb Free Space | 99,83% Space Free | Partition Type: NTFS Computer Name: NERGES-PC | User Name: nerges | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.07.18 01:10:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\nerges\Downloads\OTL.exe PRC - [2013.07.18 01:10:31 | 000,050,477 | ---- | M] () -- C:\Users\nerges\Desktop\Defogger.exe PRC - [2013.04.19 16:45:50 | 000,438,112 | R--- | M] (cFos Software GmbH) -- C:\Programme\cFosSpeed\spd.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.02.27 17:38:44 | 001,259,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe PRC - [2012.12.05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgfws.exe PRC - [2012.11.19 18:25:32 | 002,598,520 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Programme\AVG\AVG2012\avgtray.exe PRC - [2012.11.08 04:51:06 | 000,768,632 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe PRC - [2012.11.02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe PRC - [2012.10.25 14:08:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE PRC - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2012.05.29 13:09:52 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe PRC - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () -- C:\Users\nerges\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe PRC - [2010.04.16 22:12:28 | 003,872,080 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe PRC - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
-- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.06.27 12:33:18 | 006,244,896 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe ========== Modules (No Company Name) ========== MOD - [2013.07.18 01:10:31 | 000,050,477 | ---- | M] () -- C:\Users\nerges\Desktop\Defogger.exe MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll ========== Services (SafeList) ========== SRV - [2013.06.26 14:44:17 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.06.11 20:52:08 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.04.19 16:45:50 | 000,438,112 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\cFosSpeed\spd.exe -- (cFosSpeedS) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) 
[Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.05 04:44:54 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012.11.02 04:51:18 | 005,174,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.25 14:08:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012.08.10 12:42:54 | 000,150,464 | ---- | M] (Futuremark Corporation) [Disabled | Stopped] -- C:\Programme\Futuremark\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 13:09:52 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.11.22 10:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\nerges\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.07.01 00:32:00 | 003,563,392 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2008.11.09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Programme\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008.06.11 11:18:30 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\EMACHINES\eMachines Recovery Management\Service\ETService.exe -- (ETService)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.25 17:09:18 | 000,087,344 | ---- | M] (AVM Berlin) [Disabled | Stopped] -- C:\Programme\1&1\IGDCTRL.EXE -- (IGDCTRL)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Garena\safedrv.sys -- (GGSAFERDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11113.sys -- (EraserUtilDrv11113)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\TEMP\cpuz135\cpuz135_x32.sys -- (cpuz135)
DRV - [2013.04.19 16:45:52 | 001,242,464 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV - [2013.04.11 03:18:40 | 000,302,368 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013.02.28 19:06:23 | 000,016,976 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EAGLENT.SYS -- (EagleNT)
DRV - [2012.12.10 04:28:36 | 000,142,176 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012.11.08 04:49:26 | 000,250,080 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.05.08 15:21:42 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.03.02 17:02:00 | 000,025,088 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandmodem.sys -- (ANDModem)
DRV - [2012.03.02 17:02:00 | 000,020,736 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lganddiag.sys -- (AndDiag)
DRV - [2012.03.02 17:02:00 | 000,020,096 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandgps.sys -- (AndGps)
DRV - [2012.03.02 17:02:00 | 000,014,336 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgandbus.sys -- (Andbus)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.07.22 18:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011.07.12 23:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011.05.23 01:03:28 | 000,047,968 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgfwd6x.sys -- (Avgfwfd)
DRV - [2009.02.24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008.11.04 07:13:32 | 000,952,320 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.11 11:13:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.06.10 12:54:36 | 000,123,904 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.02.18 16:09:40 | 000,166,960 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2005.01.03 08:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\npptNT2.sys -- (NPPTNT2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKLM\..\URLSearchHook: {f4e6547e-325b-403c-a3bb-ad29ed37a92f} - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2769726
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=0407&s=2&o=vp32&d=0610&m=e720
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=15183
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{105E99FF-8B9A-4492-B155-06194B9056D2}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=83A2CB4A-54C2-4A48-8E02-C0BACCFED928&apn_sauid=C4C94F7B-3880-49FE-B028-D672A325C5F6
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACEW_deDE387
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACEW_deDE387&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=Qyrx0_wfJ9i4vRTVYWnpmI6hCR0?q={searchTerms}
IE - HKCU\..\SearchScopes\{8D4DFA7A-C26D-4BD4-B09C-E9BA613B381D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACEW_deDE387
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2769726
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\..\SearchScopes\Plasmoo: "URL" = hxxp://plasmoo.com/index.htm?SearchMashine=true&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
FF - prefs.js..network.proxy.type: 0
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\nerges\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\nerges\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.08 23:49:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.03.10 20:46:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013.03.10 22:18:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.26 14:44:10 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{D7EBE077-16BF-49CE-95D5-4C0684E8807A}: C:\Users\nerges\AppData\Local\{D7EBE077-16BF-49CE-95D5-4C0684E8807A} [2012.07.12 20:36:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.26 14:44:10 | 000,000,000 | ---D | M]

[2010.07.11 22:14:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nerges\AppData\Roaming\mozilla\Extensions
[2013.07.17 01:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions
[2012.07.12 20:36:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.07.17 01:41:36 | 000,000,000 | ---D | M] (BrowseToolE0170 Community Toolbar) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2013.05.11 00:19:28 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.07.15 01:41:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.07.12 18:50:15 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.07.12 20:36:58 | 000,000,000 | ---D | M] (Plasmoo Search Engine) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\engine@plasmoo.com
[2013.06.29 18:49:21 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\ich@maltegoetz.de
[2013.03.10 17:54:27 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\nerges\AppData\Roaming\mozilla\Firefox\Profiles\p92avse4.default\extensions\toolbar@stumbleupon.com
[2012.12.11 15:48:32 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.05.09 00:17:27 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.07.12 00:10:00 | 000,275,262 | ---- | M] () (No name found) -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.06.25 15:59:20 | 000,002,308 | ---- | M] () -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\searchplugins\askcom.xml
[2010.10.03 16:04:11 | 000,000,873 | ---- | M] () -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\searchplugins\conduit.xml
[2011.04.28 19:42:58 | 000,001,975 | ---- | M] () -- C:\Users\nerges\AppData\Roaming\mozilla\firefox\profiles\p92avse4.default\searchplugins\plasmoo.xml
[2013.06.26 14:44:09 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.26 14:44:18 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.07.12 18:48:48 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

========== Chrome ==========

CHR - default_search_provider: Ask (Enabled)
CHR - default_search_provider: search_url = hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=83A2CB4A-54C2-4A48-8E02-C0BACCFED928&apn_ptnrs=U3&apn_sauid=C4C94F7B-3880-49FE-B028-D672A325C5F6&apn_dtid=OSJ000YYDE&q={searchTerms}
CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}
CHR - homepage: hxxp://www.ask.com/?l=dis&o=15183cr
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0\background/registryAccess.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U25 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\nerges\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll
CHR - plugin: Java Deployment Toolkit 7.0.250.17 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Ask Toolbar = C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.23.42079_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: StumbleUpon = C:\Users\nerges\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\nerges\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Programme\XfireXO\tbXfir.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [DivXMediaServer] C:\Programme\DivX\DivX Media Server\DivXMediaServer.exe (DivX, LLC)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Facebook Update] C:\Users\nerges\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\nerges\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube Download - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\1&1\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000035 - C:\Program Files\1&1\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5796412E-4118-4D79-87A3-811A6F529221}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9996e7c2-1d00-11e0-ac05-00235a559376}\Shell - "" = AutoRun
O33 - MountPoints2\{9996e7c2-1d00-11e0-ac05-00235a559376}\Shell\AutoRun\command - "" = F:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.07.18 00:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.07.15 03:18:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\cFosSpeed Traffic Shaping
[2013.07.15 03:18:02 | 001,242,464 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed6.sys
[2013.07.15 03:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed
[2013.07.15 03:17:40 | 000,000,000 | ---D | C] -- C:\Users\nerges\AppData\Local\cFos
[2013.07.15 03:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\cFos
[2013.07.15 03:17:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\logs
[2013.07.14 01:10:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.07.14 01:10:36 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.07.04 20:50:43 | 000,000,000 | ---D | C] -- C:\Users\nerges\AppData\Roaming\FRITZ!
[2013.07.04 20:50:43 | 000,000,000 | ---D | C] -- C:\Users\nerges\AppData\Local\FRITZ!
[2013.07.04 20:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FRITZ!DSL
[2013.07.04 20:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVM
[2013.07.04 20:40:33 | 000,000,000 | ---D | C] -- C:\Program Files\1&1
[2013.07.04 20:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.26 14:57:53 | 000,000,000 | -HSD | C] -- C:\found.001
[2013.06.26 14:44:08 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.06.25 15:56:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask
[2013.06.25 15:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.07.18 01:12:03 | 000,000,000 | ---- | M] () -- C:\Users\nerges\defogger_reenable
[2013.07.18 01:10:31 | 000,050,477 | ---- | M] () -- C:\Users\nerges\Desktop\Defogger.exe
[2013.07.18 00:51:15 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.18 00:46:49 | 000,673,502 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.18 00:46:49 | 000,633,712 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.18 00:46:49 | 000,145,482 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.18 00:46:49 | 000,119,278 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.18 00:40:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.18 00:40:17 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.18 00:40:17 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2013.07.18 00:40:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.18 00:40:08 | 3147,841,536 | -HS- | M] () -- C:\hiberfil.sys
[2013.07.18 00:39:22 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2013.07.17 20:46:42 | 127,383,447 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2013.07.17 12:46:03 | 000,396,422 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2013.07.15 03:18:57 | 000,001,140 | ---- | M] () -- C:\Users\nerges\Desktop\cFosSpeed Calibration.lnk
[2013.07.15 03:18:05 | 000,001,224 | ---- | M] () -- C:\Users\nerges\Desktop\cFosSpeed Features.lnk
[2013.07.15 03:08:58 | 000,323,960 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.14 21:08:56 | 000,000,216 | ---- | M] () -- C:\Users\nerges\Documents\PWOOptions.ini
[2013.07.14 15:02:32 | 000,008,422 | ---- | M] () -- C:\Users\nerges\Documents\cc_20130714_150229.reg
[2013.07.14 01:10:38 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.13 15:09:30 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.07.13 15:09:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.04 20:40:34 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\FRITZ!Box starter.lnk
[2013.06.27 19:45:55 | 000,016,918 | ---- | M] () -- C:\Users\nerges\Documents\Unbenannt 12.odt
[2013.06.26 14:16:56 | 000,014,824 | ---- | M] () -- C:\Users\nerges\Documents\Unbenannt 1.odt
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.07.18 01:12:03 | 000,000,000 | ---- | C] () -- C:\Users\nerges\defogger_reenable
[2013.07.18 01:10:31 | 000,050,477 | ---- | C] () -- C:\Users\nerges\Desktop\Defogger.exe
[2013.07.15 03:18:57 | 000,001,140 | ---- | C] () -- C:\Users\nerges\Desktop\cFosSpeed Calibration.lnk
[2013.07.15 03:18:05 | 000,001,224 | ---- | C] () -- C:\Users\nerges\Desktop\cFosSpeed Features.lnk
[2013.07.14 15:02:31 | 000,008,422 | ---- | C] () -- C:\Users\nerges\Documents\cc_20130714_150229.reg
[2013.07.14 01:10:38 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.07.04 20:40:34 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\FRITZ!Box starter.lnk
[2013.06.27 19:45:52 | 000,016,918 | ---- | C] () -- C:\Users\nerges\Documents\Unbenannt 12.odt
[2013.03.19 15:39:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2013.03.19 15:39:52 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2012.12.30 05:21:29 | 000,045,194 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\room_v3.dat
[2012.08.05 01:51:22 | 000,099,912 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2012.07.09 23:37:26 | 000,001,055 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.11 22:51:07 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.03.11 22:37:04 | 000,031,864 | ---- | C] () -- C:\Windows\maxlink.ini
[2011.12.24 01:22:02 | 000,000,272 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\.backup.dm
[2011.10.10 18:33:12 | 000,005,115 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2011.09.04 22:54:13 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.03.23 15:33:47 | 000,000,120 | ---- | C] () -- C:\Users\nerges\AppData\Local\Xfuqetureto.dat
[2011.03.23 15:33:47 | 000,000,000 | ---- | C] () -- C:\Users\nerges\AppData\Local\Tzawewisu.bin
[2011.03.22 15:22:08 | 000,046,658 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\room.dat
[2010.10.08 20:11:01 | 000,000,552 | ---- | C] () -- C:\Users\nerges\AppData\Local\d3d8caps.dat
[2010.10.03 16:06:03 | 000,000,742 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\wklnhst.dat
[2010.09.18 21:57:48 | 000,000,000 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\chrtmp
[2010.09.18 21:57:30 | 000,236,358 | ---- | C] () -- C:\Users\nerges\AppData\Roaming\MultiHack Metin2 V.1.4.rar
[2010.09.18 19:15:32 | 000,000,680 | ---- | C] () -- C:\Users\nerges\AppData\Local\d3d9caps.dat
[2010.07.15 19:24:18
| 000,041,984 | ---- | C] () -- C:\Users\nerges\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.08 17:52:38 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 17:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 06:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 04:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.07.15 02:04:00 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\AVG [2012.07.08 23:53:15 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\AVG2012 [2013.03.10 22:35:20 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\avidemux [2013.05.26 20:00:11 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Awesomium [2012.07.12 18:48:39 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Babylon [2012.07.12 18:48:59 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\BabylonToolbar [2011.01.11 00:48:25 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Bilder [2012.12.07 22:42:23 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Carbon [2013.07.17 01:44:14 
| 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\DVDVideoSoft [2011.07.26 20:23:03 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.16 16:46:33 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\EoN [2013.04.04 02:01:37 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Firefly Studios [2011.04.15 19:06:32 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Fotobuchexpress24 [2013.07.04 20:51:54 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\FRITZ! [2012.07.10 20:33:21 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\GameRanger [2010.10.11 12:07:32 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\InterVideo [2012.10.22 17:34:20 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\LolClient [2013.05.10 21:35:35 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\OpenOffice.org [2011.03.23 16:36:51 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Sysutils_Update [2010.10.03 16:06:15 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Template [2012.07.12 20:35:52 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\TuneUp Software [2012.12.29 19:13:09 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Unity [2013.04.10 14:34:47 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\uTorrent [2011.11.18 22:45:08 | 000,000,000 | ---D | M] -- C:\Users\nerges\AppData\Roaming\Voipwise ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:0B4227B4 @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:861A898F @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9F683177 @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:4F636E25 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9B52F176 @Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4CF61E54 @Alternate Data Stream - 111 bytes 
-> C:\ProgramData\TEMP:B623B5B8 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:4BB26BE9 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:798A3728 @Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:3E7393FC < End of report > GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-07-18 20:36:23 Windows 6.0.6001 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-22ZCT0 rev.11.01A11 298,09GB Running: gmer_2.1.19163.exe; Driver: C:\Users\nerges\AppData\Local\Temp\uwdiqpod.sys ---- System - GMER 2.1 ---- SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeKey [0x99050004] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwNotifyChangeMultipleKeys [0x990500D4] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwOpenProcess [0x9904FD76] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateProcess [0x9904FE1E] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwTerminateThread [0x9904FEBA] SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys ZwWriteVirtualMemory [0x9904FF56] ---- Kernel code sections - GMER 2.1 ---- .text ntkrnlpa.exe!KeSetTimerEx + 5F0 81AC9C14 8 Bytes [04, 00, 05, 99, D4, 00, 05, ...] {ADD AL, 0x0; ADD EAX, 0x500d499; CDQ } .text ntkrnlpa.exe!KeSetTimerEx + 624 81AC9C48 4 Bytes [76, FD, 04, 99] {JBE 0xffffffff; ADD AL, 0x99} .text ntkrnlpa.exe!KeSetTimerEx + 854 81AC9E78 8 Bytes [1E, FE, 04, 99, BA, FE, 04, ...] 
.text ntkrnlpa.exe!KeSetTimerEx + 8B4 81AC9ED8 4 Bytes [56, FF, 04, 99] {PUSH ESI; INC DWORD [ECX+EBX*4]} ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys AttachedDevice \Driver\tdx \Device\Tcp avgtdix.sys AttachedDevice \Driver\tdx \Device\Udp avgtdix.sys AttachedDevice \Driver\tdx \Device\RawIp avgtdix.sys ---- Processes - GMER 2.1 ---- Process (*** hidden *** ) [4] 83CC95B0 ---- Registry - GMER 2.1 ---- ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ---- |