Log analysis and evaluation: System permanently over 50 % utilized, PC is therefore running super slow ;-( (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.03.2011, 20:23 | #1 |
Hello dear pros ;-) I have a problem: my system is permanently loaded above 50 %, sometimes even up to 100 %, so it runs quite slowly and very sluggishly,... Here is a picture of it: Full size: www.bilder-space.de/show_img.php?img=7e66a9-1300735176.jpg&size=original It always looks like this and I don't understand why. Urgently asking for help!! Regards, Shuyin
21.03.2011, 20:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
Could the picture please be made even smaller? Seriously now. Which process is causing the load? Please check in Task Manager.
21.03.2011, 20:36 | #3 |
I had posted a link below it for the full-size view, sorry. Here is a link to the picture of my processes,... hxxp://www.bilder-space.de/bilder/50f4df-1300736065.jpg The whole time it showed Firefox; now I have deleted Firefox and reinstalled it, but now it shows Internet Explorer.
21.03.2011, 20:41 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™
Please run a routine full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well! After that, OTL: System scan with OTL. Please download OTL by Oldtimer and save it to your desktop.
__________________ Please always post log files in CODE tags
21.03.2011, 21:08 | #5 |
This will probably take a while^^ When it is finished I will upload it; it is busy scanning.
21.03.2011, 22:14 | #6 |
So, I have a problem: the program (Malwarebytes) always crashes after about 40 min and knocks out the computer, so that I simply have to switch it off and on again,... So I somehow can't use it; please help me further ;-(
22.03.2011, 09:47 | #7 |
/// Winkelfunktion /// TB-Süch-Tiger™
Then first update Malwarebytes and afterwards run only a quick scan.
22.03.2011, 21:11 | #8 |
Hey, the database is up to date,... I have now tried everything, very often too, but it always crashes (whether full scan or quick scan); it always ends up not responding,... What else can I do?
22.03.2011, 21:13 | #9 |
/// Winkelfunktion /// TB-Süch-Tiger™
Then for now just run the scan with OTL.
22.03.2011, 21:25 | #10 |
Here is the first log: OTL logfile: Code:
ATTFilter OTL logfile created on: 22.03.2011 21:16:27 - Run 1 OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\media\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19019) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 227,03 Gb Free Space | 49,79% Space Free | Partition Type: NTFS Computer Name: MEDIA-PC | User Name: media | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\media\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\Users\media\Program Files\DNA\btdna.exe (BitTorrent, Inc.) 
PRC - C:\Programme\Winamp\winampa.exe () PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) 
PRC - C:\Windows\PLFSetI.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation) PRC - C:\Windows\vsnpstd3.exe () ========== Modules (SafeList) ========== MOD - C:\Users\media\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated) ========== Win32 Services (SafeList) ========== SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) 
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation) DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation) DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) 
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hba-crew.to IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. 
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Bigpoint Games DE Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {0e3dbc69-a682-48da-84e1-82c63a5d678e}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&q=&SearchSource=2" FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.09.22 09:24:39 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.21 20:03:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.21 19:49:09 | 000,000,000 | ---D | M] [2009.09.27 23:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions [2009.09.27 23:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.03.22 21:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions [2011.03.21 20:04:47 | 000,000,000 | ---D | M] (Bigpoint Games DE Community Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e} [2011.03.21 20:05:08 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9} [2011.03.21 20:05:26 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010.09.06 20:53:28 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.21 20:05:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\engine@conduit.com [2010.09.19 20:48:41 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\finder@meingutscheincode.de [2011.03.22 21:09:35 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\staged [2010.08.10 20:10:23 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\support@predictad.com [2010.10.07 11:55:31 | 000,002,392 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\980ntedn.default\searchplugins\askcom.xml [2011.01.26 19:08:02 | 000,000,937 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\980ntedn.default\searchplugins\conduit.xml [2010.10.01 12:45:28 | 000,010,017 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\980ntedn.default\searchplugins\mywebsearch.xml [2011.03.19 18:39:03 | 000,005,401 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\980ntedn.default\searchplugins\searchcanvas.xml [2011.03.21 20:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.22 20:29:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.07.28 16:32:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.03 19:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.05 20:12:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2009.09.15 17:39:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009.09.15 17:42:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009.11.10 13:43:57 | 000,000,000 | ---D | M] (Java Console) -- 
C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.09 18:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.22 20:29:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.07.28 16:32:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.03 19:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.05 20:12:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2009.09.17 02:02:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.03.18 18:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (no name) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac7311\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe () O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [apocalyps32] C:\Users\media\AppData\Roaming\apocalyps32.exe (GASPmIhnj) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\media\Program Files\DNA\btdna.exe (BitTorrent, Inc.) 
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [HKCU] C:\directory\CyberGate\install\server.exe (rhMV) O4 - HKCU..\Run: [Spiele Post] File not found O4 - Startup: C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\media\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows 
Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d371ca0c-b680-11de-91f8-001f16b4975f}\Shell - "" = AutoRun O33 - MountPoints2\{d371ca0c-b680-11de-91f8-001f16b4975f}\Shell\AutoRun\command - "" = E:\Autostart.exe O33 - MountPoints2\{e51a249b-a30c-11de-8ca9-001f16b4975f}\Shell - "" = AutoRun O33 - MountPoints2\{e51a249b-a30c-11de-8ca9-001f16b4975f}\Shell\AutoRun\command - "" = E:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.22 21:15:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\media\Desktop\OTL.exe [2011.03.21 20:47:55 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Malwarebytes 
[2011.03.21 20:47:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.21 20:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.21 20:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.21 20:47:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.21 20:47:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.21 20:46:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\media\Desktop\mbam-setup.exe [2011.03.21 20:33:15 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\Firefoxx [2011.03.13 16:10:58 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\Selina Handy [2011.03.09 21:18:24 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 21:18:24 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.09 21:18:24 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 21:18:24 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.03.08 19:23:26 | 000,000,000 | ---D | C] -- C:\directory [2011.03.08 19:23:11 | 000,552,960 | ---- | C] (rhMV) -- C:\Users\media\AppData\Roaming\neu.exe [2011.03.05 20:27:54 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\USB AUTO [2011.03.05 11:27:53 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Modelchance_38227BF2 [2011.03.05 11:27:49 | 000,372,736 | ---- | C] (GASPmIhnj) -- C:\Users\media\AppData\Roaming\apocalyps32.exe [2011.03.04 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\media\Start Menu [2011.03.04 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\media\Application Data [2011.02.25 23:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.02.25 23:54:08 | 
000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2011.02.24 03:03:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.02.24 03:00:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.02.24 03:00:35 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.02.24 03:00:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.02.24 03:00:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.02.24 03:00:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.02.24 03:00:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.02.24 03:00:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.02.24 03:00:32 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.02.24 03:00:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.02.24 03:00:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.02.24 03:00:32 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.02.24 03:00:26 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.02.24 03:00:26 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.02.24 03:00:26 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.02.24 03:00:26 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.02.24 03:00:26 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2010.08.10 20:10:20 | 002,944,904 | ---- | C] (Ask) -- C:\Programme\Common Files\AskToolbarInstaller.exe [2010.03.30 
01:50:42 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2010.03.30 01:50:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2009.07.24 23:24:19 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\media\AppData\Local\CDRip.dll [2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\media\AppData\Local\No23 Recorder.exe [2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\media\AppData\Local\basscd.dll [2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\media\AppData\Local\bass.dll [2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll ========== Files - Modified Within 30 Days ========== [2011.03.22 21:15:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\media\Desktop\OTL.exe [2011.03.22 21:12:48 | 000,150,364 | -H-- | M] () -- C:\Users\media\AppData\Roaming\cglogs.dat [2011.03.22 21:05:24 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{95697187-C0EB-4020-8E2F-0247A6A8063B}.job [2011.03.22 21:05:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.03.22 21:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.22 19:55:20 | 000,372,736 | ---- | M] (GASPmIhnj) -- C:\Users\media\AppData\Roaming\apocalyps32.exe [2011.03.22 19:49:48 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.21 22:04:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.21 22:04:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.21 22:03:47 | 
3215,908,864 | -HS- | M] () -- C:\hiberfil.sys [2011.03.21 20:47:48 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.21 20:46:58 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\media\Desktop\mbam-setup.exe [2011.03.21 20:34:01 | 000,037,456 | ---- | M] () -- C:\Users\media\Desktop\Zwischenablage01.jpg [2011.03.21 19:54:26 | 000,007,460 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.03.21 18:20:39 | 000,032,712 | ---- | M] () -- C:\Users\media\Desktop\Gnofae.pdf [2011.03.20 18:16:04 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.20 18:16:04 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.20 18:16:04 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.20 18:16:04 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.16 17:09:42 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.03.15 21:34:41 | 000,006,836 | ---- | M] () -- C:\Users\media\AppData\Local\d3d9caps.dat [2011.03.12 03:01:27 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2011.03.08 19:23:13 | 000,552,960 | ---- | M] (rhMV) -- C:\Users\media\AppData\Roaming\neu.exe [2011.03.06 00:09:55 | 000,121,856 | ---- | M] () -- C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.25 14:14:52 | 210,953,230 | ---- | M] () -- C:\Users\media\Desktop\Sept_91_GebDo_Allg.wmv ========== Files Created - No Company Name ========== [2011.03.21 20:47:48 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.21 20:34:01 | 000,037,456 | ---- | C] () -- C:\Users\media\Desktop\Zwischenablage01.jpg [2011.03.21 20:03:37 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.03.21 18:20:39 | 000,032,712 | ---- | C] () -- C:\Users\media\Desktop\Gnofae.pdf [2011.02.25 19:42:02 | 210,953,230 | ---- | 
C] () -- C:\Users\media\Desktop\Sept_91_GebDo_Allg.wmv [2011.02.24 03:00:28 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.02.24 03:00:28 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.02.24 03:00:28 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2010.09.30 22:04:35 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.30 22:04:35 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.09.06 07:38:35 | 000,193,263 | ---- | C] () -- C:\Windows\hphins34.dat [2010.09.06 07:38:35 | 000,000,532 | ---- | C] () -- C:\Windows\hphmdl34.dat [2010.06.25 22:47:39 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010.06.25 22:47:39 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll [2010.06.25 22:47:39 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll [2010.06.25 22:47:38 | 000,723,978 | ---- | C] () -- C:\Users\media\AppData\Roaming\unins000.exe [2010.06.25 22:47:38 | 000,559,104 | ---- | C] () -- C:\Windows\System32\lame.exe [2010.06.25 22:47:38 | 000,013,099 | ---- | C] () -- C:\Users\media\AppData\Roaming\unins000.dat [2010.04.04 17:33:44 | 000,001,471 | ---- | C] () -- C:\Users\media\AppData\Local\RecConfig.xml [2010.03.30 01:50:43 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.03.30 01:50:42 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2010.03.30 01:50:42 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2010.03.30 01:50:42 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.03.30 01:50:42 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini [2010.03.13 12:23:34 | 000,000,170 | ---- | C] () -- C:\Users\media\AppData\Roaming\burnaware.ini [2009.12.07 19:39:40 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.12.07 19:39:39 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys 
[2009.10.22 17:29:05 | 000,024,632 | ---- | C] () -- C:\Users\media\AppData\Roaming\addons.dat [2009.10.22 17:29:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.22 17:29:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.18 22:31:39 | 000,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys [2009.10.14 13:11:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.11 16:56:42 | 000,000,601 | ---- | C] () -- C:\Windows\eReg.dat [2009.10.08 19:17:30 | 000,007,460 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.09.15 20:59:55 | 000,000,116 | ---- | C] () -- C:\Users\media\AppData\Roaming\wklnhst.dat [2009.09.15 14:46:03 | 000,121,856 | ---- | C] () -- C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.08 16:31:37 | 000,006,836 | ---- | C] () -- C:\Users\media\AppData\Local\d3d9caps.dat [2009.07.24 23:11:49 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.07.24 23:11:49 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2009.07.24 23:11:48 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.07.24 23:11:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.07.24 23:11:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2009.07.24 23:11:48 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2009.07.24 14:47:42 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.07.24 14:40:22 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.07.24 14:40:22 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.07.24 14:40:22 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2009.07.24 14:40:22 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.24 14:38:35 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2009.07.24 14:38:35 | 000,000,536 | ---- | C] () -- 
C:\Windows\System32\drivers\RtHdatEx.dat [2009.07.24 14:38:35 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2009.07.24 14:38:35 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.07.24 14:38:35 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.07.24 14:38:35 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.07.24 14:33:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.05.07 01:01:00 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2009.03.12 11:47:51 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.03.12 11:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.03.12 11:47:51 | 000,128,990 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.03.12 11:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.03.12 11:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 03:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.02.11 21:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 21:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 21:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.12.11 21:38:34 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2008.04.08 13:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\media\AppData\Local\lame_enc.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,298,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,600,138 | ---- | 
C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.27 12:52:34 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP7311.ini [2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\media\AppData\Local\vorbisenc.dll [2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\media\AppData\Local\vorbisfile.dll [2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\media\AppData\Local\vorbis.dll [2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\media\AppData\Local\ogg.dll [2006.09.19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\media\AppData\Local\no23xwrapper.dll [2005.04.08 03:16:43 | 000,150,364 | -H-- | C] () -- C:\Users\media\AppData\Roaming\cglogs.dat [2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914 @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:40EE25BB @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:3A7527E8 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FAB64002 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:DC0B1070 @Alternate Data Stream - 140 bytes -> 
C:\ProgramData\Temp:E8CB831A @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:041C0562 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:C7F08EA3 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A6D6E537 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:8B4B9596 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:FC70A22A @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:2DF54B62 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:864881BF @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:814B9485 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:1CDEDE11 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D3A89E47 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:A2FF62A6 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:71004506 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3B3A35EC @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:13EF4AF6 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:B1786630 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A4AF8D0D @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:35759C73 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:71612023 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:41099CE9 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3086B95F @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:981884E7 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:109734F6 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D @Alternate Data Stream - 
118 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:C30487EE
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:9491C9C7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:57176330
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:29F0CA7D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3D36932D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2B1EA607
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:124B94C0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:95198126
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:00811B66
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:0ED4AC2F

< End of report >

and here is the 2nd log:

OTL Logfile:
Code:
OTL logfile created on: 22.03.2011 21:16:27 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\media\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 227,03 Gb Free Space | 49,79% Space Free | Partition Type: NTFS

Computer Name: MEDIA-PC | User Name: media | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\media\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Google\Update\1.2.183.39\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Users\media\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
PRC - C:\Programme\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\vsnpstd3.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\media\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)

========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)

========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (ss_mdm) -- C:\Windows\System32\drivers\ss_mdm.sys (MCCI Corporation)
DRV - (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM) -- C:\Windows\System32\drivers\ss_bus.sys (MCCI Corporation)
DRV - (ss_mdfl) -- C:\Windows\System32\drivers\ss_mdfl.sys (MCCI Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (CyberLink Corp.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH)
DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (RT73) -- C:\Windows\System32\drivers\rt73.sys (Ralink Technology, Corp.)
DRV - (SNPSTD3) USB PC Camera (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hba-crew.to
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error.
File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Bigpoint Games DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Bigpoint Games DE Customized Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: finder@meingutscheincode.de:1.0.2 FF - prefs.js..extensions.enabledItems: {40c3cc16-7269-4b32-9531-17f2950fb06f}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {22e03916-85c5-44b0-8dc9-1830c11238d9}:3.3.0.19 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {0e3dbc69-a682-48da-84e1-82c63a5d678e}:3.2.5.2 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2843456&q=&SearchSource=2" FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.09.22 09:24:39 | 000,000,000 | ---D | M] FF - 
HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.21 20:03:32 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.21 19:49:09 | 000,000,000 | ---D | M] [2009.09.27 23:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions [2009.09.27 23:46:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org [2011.03.22 21:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions [2011.03.21 20:04:47 | 000,000,000 | ---D | M] (Bigpoint Games DE Community Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\{0e3dbc69-a682-48da-84e1-82c63a5d678e} [2011.03.21 20:05:08 | 000,000,000 | ---D | M] (Elf 1 Community Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\{22e03916-85c5-44b0-8dc9-1830c11238d9} [2011.03.21 20:05:26 | 000,000,000 | ---D | M] (Winload Community Toolbar) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} [2010.09.06 20:53:28 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.03.21 20:05:27 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\engine@conduit.com [2010.09.19 20:48:41 | 000,000,000 | ---D | M] (Mein Gutscheincode Finder) -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\finder@meingutscheincode.de [2011.03.22 21:09:35 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\staged [2010.08.10 20:10:23 | 000,000,000 | ---D | M] ("AutocompletePro - Your handy search suggestions tool") -- C:\Users\media\AppData\Roaming\mozilla\Firefox\Profiles\980ntedn.default\extensions\support@predictad.com [2010.10.07 11:55:31 | 000,002,392 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\980ntedn.default\searchplugins\askcom.xml [2011.01.26 19:08:02 | 000,000,937 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\980ntedn.default\searchplugins\conduit.xml [2010.10.01 12:45:28 | 000,010,017 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\980ntedn.default\searchplugins\mywebsearch.xml [2011.03.19 18:39:03 | 000,005,401 | ---- | M] () -- C:\Users\media\AppData\Roaming\Mozilla\Firefox\Profiles\980ntedn.default\searchplugins\searchcanvas.xml [2011.03.21 20:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2010.05.22 20:29:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.07.28 16:32:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.03 19:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.05 20:12:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} File not found (No name found) -- [2009.09.15 17:39:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [2009.09.15 17:42:32 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [2009.11.10 13:43:57 | 000,000,000 | ---D | M] (Java Console) -- 
C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [2010.04.09 18:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [2010.05.22 20:29:50 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.07.28 16:32:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.03 19:18:47 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.05 20:12:12 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2009.09.17 02:02:07 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2011.03.18 18:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.01.01 09:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.01.01 09:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2010.01.01 09:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.01.01 09:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.01.01 09:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.01.01 09:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Programme\AutocompletePro\AutocompletePro.dll (SimplyGen) O2 - BHO: (no name) - {500BCA15-57A7-4eaf-8143-8C619470B13D} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found. 
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac7311\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [PLFSetL] C:\Windows\\PLFSetL.exe () O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe () O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [apocalyps32] C:\Users\media\AppData\Roaming\apocalyps32.exe (GASPmIhnj) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\media\Program Files\DNA\btdna.exe (BitTorrent, Inc.) 
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd) O4 - HKCU..\Run: [HKCU] C:\directory\CyberGate\install\server.exe (rhMV) O4 - HKCU..\Run: [Spiele Post] File not found O4 - Startup: C:\Users\media\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Programme\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\media\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Programme\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class) O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows 
Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\media\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{d371ca0c-b680-11de-91f8-001f16b4975f}\Shell - "" = AutoRun O33 - MountPoints2\{d371ca0c-b680-11de-91f8-001f16b4975f}\Shell\AutoRun\command - "" = E:\Autostart.exe O33 - MountPoints2\{e51a249b-a30c-11de-8ca9-001f16b4975f}\Shell - "" = AutoRun O33 - MountPoints2\{e51a249b-a30c-11de-8ca9-001f16b4975f}\Shell\AutoRun\command - "" = E:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.03.22 21:15:04 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\media\Desktop\OTL.exe [2011.03.21 20:47:55 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Malwarebytes 
[2011.03.21 20:47:48 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2011.03.21 20:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.03.21 20:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.03.21 20:47:44 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.03.21 20:47:44 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2011.03.21 20:46:16 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\media\Desktop\mbam-setup.exe [2011.03.21 20:33:15 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\Firefoxx [2011.03.13 16:10:58 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\Selina Handy [2011.03.09 21:18:24 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll [2011.03.09 21:18:24 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll [2011.03.09 21:18:24 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2011.03.09 21:18:24 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll [2011.03.08 19:23:26 | 000,000,000 | ---D | C] -- C:\directory [2011.03.08 19:23:11 | 000,552,960 | ---- | C] (rhMV) -- C:\Users\media\AppData\Roaming\neu.exe [2011.03.05 20:27:54 | 000,000,000 | ---D | C] -- C:\Users\media\Desktop\USB AUTO [2011.03.05 11:27:53 | 000,000,000 | ---D | C] -- C:\Users\media\AppData\Roaming\Modelchance_38227BF2 [2011.03.05 11:27:49 | 000,372,736 | ---- | C] (GASPmIhnj) -- C:\Users\media\AppData\Roaming\apocalyps32.exe [2011.03.04 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\media\Start Menu [2011.03.04 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\media\Application Data [2011.02.25 23:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011.02.25 23:54:08 | 
000,000,000 | ---D | C] -- C:\Programme\Microsoft Silverlight [2011.02.24 03:03:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell [2011.02.24 03:00:44 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll [2011.02.24 03:00:35 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe [2011.02.24 03:00:35 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe [2011.02.24 03:00:35 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe [2011.02.24 03:00:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll [2011.02.24 03:00:33 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll [2011.02.24 03:00:32 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll [2011.02.24 03:00:32 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe [2011.02.24 03:00:32 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll [2011.02.24 03:00:32 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll [2011.02.24 03:00:32 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll [2011.02.24 03:00:26 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll [2011.02.24 03:00:26 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe [2011.02.24 03:00:26 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll [2011.02.24 03:00:26 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll [2011.02.24 03:00:26 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll [2010.08.10 20:10:20 | 002,944,904 | ---- | C] (Ask) -- C:\Programme\Common Files\AskToolbarInstaller.exe [2010.03.30 
01:50:42 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2010.03.30 01:50:42 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2009.07.24 23:24:19 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll [2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\media\AppData\Local\CDRip.dll [2007.03.12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll [2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\media\AppData\Local\No23 Recorder.exe [2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\media\AppData\Local\basscd.dll [2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\media\AppData\Local\bass.dll [2005.11.23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll ========== Files - Modified Within 30 Days ========== [2011.03.22 21:15:25 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\media\Desktop\OTL.exe [2011.03.22 21:12:48 | 000,150,364 | -H-- | M] () -- C:\Users\media\AppData\Roaming\cglogs.dat [2011.03.22 21:05:24 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{95697187-C0EB-4020-8E2F-0247A6A8063B}.job [2011.03.22 21:05:10 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.03.22 21:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.03.22 19:55:20 | 000,372,736 | ---- | M] (GASPmIhnj) -- C:\Users\media\AppData\Roaming\apocalyps32.exe [2011.03.22 19:49:48 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.03.21 22:04:05 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.03.21 22:04:04 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.03.21 22:03:47 | 
3215,908,864 | -HS- | M] () -- C:\hiberfil.sys [2011.03.21 20:47:48 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.21 20:46:58 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\media\Desktop\mbam-setup.exe [2011.03.21 20:34:01 | 000,037,456 | ---- | M] () -- C:\Users\media\Desktop\Zwischenablage01.jpg [2011.03.21 19:54:26 | 000,007,460 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.03.21 18:20:39 | 000,032,712 | ---- | M] () -- C:\Users\media\Desktop\Gnofae.pdf [2011.03.20 18:16:04 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.03.20 18:16:04 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.03.20 18:16:04 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.03.20 18:16:04 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.03.16 17:09:42 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2011.03.15 21:34:41 | 000,006,836 | ---- | M] () -- C:\Users\media\AppData\Local\d3d9caps.dat [2011.03.12 03:01:27 | 000,000,390 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2011.03.08 19:23:13 | 000,552,960 | ---- | M] (rhMV) -- C:\Users\media\AppData\Roaming\neu.exe [2011.03.06 00:09:55 | 000,121,856 | ---- | M] () -- C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.25 14:14:52 | 210,953,230 | ---- | M] () -- C:\Users\media\Desktop\Sept_91_GebDo_Allg.wmv ========== Files Created - No Company Name ========== [2011.03.21 20:47:48 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.03.21 20:34:01 | 000,037,456 | ---- | C] () -- C:\Users\media\Desktop\Zwischenablage01.jpg [2011.03.21 20:03:37 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2011.03.21 18:20:39 | 000,032,712 | ---- | C] () -- C:\Users\media\Desktop\Gnofae.pdf [2011.02.25 19:42:02 | 210,953,230 | ---- | 
C] () -- C:\Users\media\Desktop\Sept_91_GebDo_Allg.wmv [2011.02.24 03:00:28 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs [2011.02.24 03:00:28 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml [2011.02.24 03:00:28 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl [2010.09.30 22:04:35 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.09.30 22:04:35 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.09.06 07:38:35 | 000,193,263 | ---- | C] () -- C:\Windows\hphins34.dat [2010.09.06 07:38:35 | 000,000,532 | ---- | C] () -- C:\Windows\hphmdl34.dat [2010.06.25 22:47:39 | 000,237,568 | ---- | C] () -- C:\Windows\System32\lame_enc.dll [2010.06.25 22:47:39 | 000,110,080 | ---- | C] () -- C:\Windows\System32\advd.dll [2010.06.25 22:47:39 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll [2010.06.25 22:47:38 | 000,723,978 | ---- | C] () -- C:\Users\media\AppData\Roaming\unins000.exe [2010.06.25 22:47:38 | 000,559,104 | ---- | C] () -- C:\Windows\System32\lame.exe [2010.06.25 22:47:38 | 000,013,099 | ---- | C] () -- C:\Users\media\AppData\Roaming\unins000.dat [2010.04.04 17:33:44 | 000,001,471 | ---- | C] () -- C:\Users\media\AppData\Local\RecConfig.xml [2010.03.30 01:50:43 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.03.30 01:50:42 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2010.03.30 01:50:42 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2010.03.30 01:50:42 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.03.30 01:50:42 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini [2010.03.13 12:23:34 | 000,000,170 | ---- | C] () -- C:\Users\media\AppData\Roaming\burnaware.ini [2009.12.07 19:39:40 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2009.12.07 19:39:39 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys 
[2009.10.22 17:29:05 | 000,024,632 | ---- | C] () -- C:\Users\media\AppData\Roaming\addons.dat [2009.10.22 17:29:04 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.22 17:29:04 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.18 22:31:39 | 000,941,784 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys [2009.10.14 13:11:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.10.11 16:56:42 | 000,000,601 | ---- | C] () -- C:\Windows\eReg.dat [2009.10.08 19:17:30 | 000,007,460 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.09.15 20:59:55 | 000,000,116 | ---- | C] () -- C:\Users\media\AppData\Roaming\wklnhst.dat [2009.09.15 14:46:03 | 000,121,856 | ---- | C] () -- C:\Users\media\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.08 16:31:37 | 000,006,836 | ---- | C] () -- C:\Users\media\AppData\Local\d3d9caps.dat [2009.07.24 23:11:49 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.07.24 23:11:49 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2009.07.24 23:11:48 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.07.24 23:11:48 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe [2009.07.24 23:11:48 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe [2009.07.24 23:11:48 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2009.07.24 14:47:42 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.07.24 14:40:22 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.07.24 14:40:22 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.07.24 14:40:22 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2009.07.24 14:40:22 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.24 14:38:35 | 000,090,772 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2009.07.24 14:38:35 | 000,000,536 | ---- | C] () -- 
C:\Windows\System32\drivers\RtHdatEx.dat [2009.07.24 14:38:35 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2009.07.24 14:38:35 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.07.24 14:38:35 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.07.24 14:38:35 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.07.24 14:33:13 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.05.07 01:01:00 | 000,016,037 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2009.03.12 11:47:51 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2009.03.12 11:47:51 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2009.03.12 11:47:51 | 000,128,990 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2009.03.12 11:47:51 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2009.03.12 11:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 03:09:35 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2009.02.11 21:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 21:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 21:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.12.11 21:38:34 | 000,042,320 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2008.04.08 13:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\media\AppData\Local\lame_enc.dll [2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 13:47:37 | 000,298,216 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 11:33:01 | 000,600,138 | ---- | 
C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 11:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat [2006.10.27 12:52:34 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP7311.ini [2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\media\AppData\Local\vorbisenc.dll [2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\media\AppData\Local\vorbisfile.dll [2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\media\AppData\Local\vorbis.dll [2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\media\AppData\Local\ogg.dll [2006.09.19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe [2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\media\AppData\Local\no23xwrapper.dll [2005.04.08 03:16:43 | 000,150,364 | -H-- | C] () -- C:\Users\media\AppData\Roaming\cglogs.dat [2004.02.27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914 @Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9 @Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:40EE25BB @Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:3A7527E8 @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FAB64002 @Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:DC0B1070 @Alternate Data Stream - 140 bytes -> 
C:\ProgramData\Temp:E8CB831A @Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:041C0562 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:C7F08EA3 @Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A6D6E537 @Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:8B4B9596 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:FC70A22A @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23 @Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:2DF54B62 @Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:864881BF @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:814B9485 @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:1CDEDE11 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D3A89E47 @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:A2FF62A6 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:71004506 @Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3B3A35EC @Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:13EF4AF6 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:B1786630 @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A4AF8D0D @Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4F636E25 @Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:35759C73 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:71612023 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:41099CE9 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3086B95F @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:981884E7 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:109734F6 @Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D @Alternate Data Stream - 
118 bytes -> C:\ProgramData\Temp:AECF4772 @Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:C30487EE @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:9491C9C7 @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E @Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:57176330 @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8 @Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:29F0CA7D @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3D36932D @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2B1EA607 @Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:124B94C0 @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4 @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F @Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:95198126 @Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:00811B66 @Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:0ED4AC2F < End of report > |
23.03.2011, 09:21 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System permanently over 50 % utilized, PC therefore runs super slowly ;-( Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
[2005.04.08 03:16:43 | 000,150,364 | -H-- | C] () -- C:\Users\media\AppData\Roaming\cglogs.dat
[2011.03.08 19:23:13 | 000,552,960 | ---- | M] (rhMV) -- C:\Users\media\AppData\Roaming\neu.exe
[2011.03.22 19:55:20 | 000,372,736 | ---- | M] (GASPmIhnj) -- C:\Users\media\AppData\Roaming\apocalyps32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d371ca0c-b680-11de-91f8-001f16b4975f}\Shell - "" = AutoRun
O33 - MountPoints2\{d371ca0c-b680-11de-91f8-001f16b4975f}\Shell\AutoRun\command - "" = E:\Autostart.exe
O33 - MountPoints2\{e51a249b-a30c-11de-8ca9-001f16b4975f}\Shell - "" = AutoRun
O33 - MountPoints2\{e51a249b-a30c-11de-8ca9-001f16b4975f}\Shell\AutoRun\command - "" = E:\pushinst.exe
O4 - HKCU..\Run: [HKCU] C:\directory\CyberGate\install\server.exe (rhMV)
O4 - HKCU..\Run: [Spiele Post] File not found
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:B203B914
@Alternate Data Stream - 99 bytes -> C:\ProgramData\Temp:131C0EE9
@Alternate Data Stream - 148 bytes -> C:\ProgramData\Temp:40EE25BB
@Alternate Data Stream - 146 bytes -> C:\ProgramData\Temp:3A7527E8
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:FAB64002
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:DC0B1070
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:E8CB831A
@Alternate Data Stream - 140 bytes -> C:\ProgramData\Temp:041C0562
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:C7F08EA3
@Alternate Data Stream - 139 bytes -> C:\ProgramData\Temp:A6D6E537
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:8B4B9596
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:FC70A22A
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1982A23
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:2DF54B62
@Alternate Data Stream - 134 bytes -> C:\ProgramData\Temp:864881BF
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:814B9485
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:1CDEDE11
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:D3A89E47
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:A2FF62A6
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:71004506
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:3B3A35EC
@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:13EF4AF6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:B1786630
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:A4AF8D0D
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:4F636E25
@Alternate Data Stream - 125 bytes -> C:\ProgramData\Temp:35759C73
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ABE89FFE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:71612023
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:41099CE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:3086B95F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:981884E7
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:109734F6
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3064D21D
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:AECF4772
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:C30487EE
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:B623B5B8
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:9491C9C7
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:CE0A077E
@Alternate Data Stream - 114 bytes -> C:\ProgramData\Temp:57176330
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:9E22BBE8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:29F0CA7D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:3D36932D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:2B1EA607
@Alternate Data Stream - 111 bytes -> C:\ProgramData\Temp:124B94C0
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:8750DCE4
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:BB24555F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:95198126
@Alternate Data Stream - 107 bytes -> C:\ProgramData\Temp:00811B66
@Alternate Data Stream - 103 bytes -> C:\ProgramData\Temp:0ED4AC2F
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
__________________ Please always post log files in CODE tags |
23.03.2011, 21:50 | #12 |
| System permanently over 50 % utilized, PC therefore runs super slowly ;-( OK, I'll do that. What happens when I do it? Does it then delete anything from my computer? |
23.03.2011, 21:59 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Yes, it deletes the malicious entries, or would you rather keep them? |
23.03.2011, 22:20 | #14 |
| Of course not ;-) OK, I've done that; here is the log that came out.
All processes killed
========== OTL ==========
C:\Users\media\AppData\Roaming\cglogs.dat moved successfully.
C:\Users\media\AppData\Roaming\neu.exe moved successfully.
C:\Users\media\AppData\Roaming\apocalyps32.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d371ca0c-b680-11de-91f8-001f16b4975f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d371ca0c-b680-11de-91f8-001f16b4975f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d371ca0c-b680-11de-91f8-001f16b4975f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d371ca0c-b680-11de-91f8-001f16b4975f}\ not found.
File E:\Autostart.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e51a249b-a30c-11de-8ca9-001f16b4975f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e51a249b-a30c-11de-8ca9-001f16b4975f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e51a249b-a30c-11de-8ca9-001f16b4975f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e51a249b-a30c-11de-8ca9-001f16b4975f}\ not found.
File E:\pushinst.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU deleted successfully.
C:\directory\CyberGate\install\server.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Spiele Post deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast
->Temp folder emptied: 40066062 bytes
->Temporary Internet Files folder emptied: 740763 bytes
->Flash cache emptied: 75 bytes
User: media
->Temp folder emptied: 207281647 bytes
->Temporary Internet Files folder emptied: 242364768 bytes
->Java cache emptied: 345700113 bytes
->FireFox cache emptied: 241412450 bytes
->Google Chrome cache emptied: 15193545 bytes
->Flash cache emptied: 13900084 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4421268065 bytes
RecycleBin emptied: 2245392 bytes
Total Files Cleaned = 5.274,00 mb
OTL by OldTimer - Version 3.2.22.3 log created on 03232011_220622
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
|
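Added example (not part of the thread and not OTL's own code): a Python parser for fix-log records of the shape shown in the post above, grouping them by what a reviewer has to follow up on. The function names, the record pattern and the grouping are assumptions made here; the sample records come from the posted log, except the ADS line, whose stream name is a constructed placeholder.

```python
import re
from collections import Counter

# Records from the fix log posted above; the ADS stream name is a constructed placeholder.
SAMPLE_LOG = r"""
C:\Users\media\AppData\Roaming\neu.exe moved successfully.
C:\directory\CyberGate\install\server.exe moved successfully.
C:\autoexec.bat moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File E:\pushinst.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d371ca0c-b680-11de-91f8-001f16b4975f}\ not found.
ADS C:\ProgramData\Temp:EXAMPLE01 deleted successfully.
"""

RECORD = re.compile(  # optional record type, then the target, then the outcome
    r"^(?:(?P<kind>Registry key|Registry value|File|ADS) )?"
    r"(?P<target>.+?) (?P<outcome>moved successfully|deleted successfully|not found)\.$"
)

def parse_fix_log(text):
    """Split a fix log into records; lines in another shape are kept as 'unparsed'."""
    records = []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        m = RECORD.match(line)
        if m:  # a bare path with no prefix is a file that was moved to quarantine
            records.append({"kind": m["kind"] or "File", "target": m["target"], "outcome": m["outcome"]})
        else:
            records.append({"kind": "unparsed", "target": line, "outcome": None})
    return records

def triage(records):
    """Group the records by what a reviewer has to follow up on."""
    done = lambda r, kind, outcome: r["kind"] == kind and r["outcome"] == outcome
    return {
        "counts": Counter((r["kind"], r["outcome"]) for r in records),
        # Executables that were moved to quarantine: candidates for analysis.
        "quarantined_exes": [r["target"] for r in records
                             if done(r, "File", "moved successfully") and r["target"].lower().endswith(".exe")],
        # Autostart values removed from a Run key; the value name follows "\\" in this log.
        "autostart_removed": [r["target"].split("\\\\", 1)[1] for r in records
                              if done(r, "Registry value", "deleted successfully") and "\\Run\\\\" in r["target"]],
        # Script entries that no longer existed, so nothing was changed for them.
        "not_found": [r["target"] for r in records if r["outcome"] == "not found"],
        "unparsed": [r["target"] for r in records if r["kind"] == "unparsed"],
    }

if __name__ == "__main__":
    print(triage(parse_fix_log(SAMPLE_LOG)))
```
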
23.03.2011, 22:23 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I need the quarantine folder from OTL. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner, it must not interfere with this!
2.) Zip the folder C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know once that has worked
5.) Only then switch the virus scanner back on
|