| |
| |||||||
Log-Analyse und Auswertung: Mein Laptop wird immer langsamer....Logs beigefügtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
30.03.2012, 17:52
| #1 |
| |  Mein Laptop wird immer langsamer....Logs beigefügt Puuuh ich hoffe ihr könnt mir endlich helfen. Mein Laptop wird immer langsamer. Besonders das Surfen im Netz geht fast gar nitt mehr. Teilweise friert der Rechner für mehrere Sekunden ein und ist auch schon 2 mal mit Bluscreen abgestürzt. Seit ca 5 Minuten öffnet sich zudem noch folgende Fenster bei jeder Seite die ich öffne soll ich BEnutzername und Passwort für folgenden Server eingeben.: Der Proxy moz-proxy://77.120.117.56:3128 verlangt einen Benutzernamen und ein Passwort. Ausgabe der Website: "Squid proxy-caching web server" Ich drücke auf abbrechen und kann zwar weitersürfen aber bei jeder neuen Seite kommt das wieder :-( Hoffe ihr könnt mir helfen, hab hoffe ich alles richtig befolgt was die Logs betrifft. gruss Harry Irgendwie kann ich die Logs hier nicht direkt uppen.Hoffe es ist ok dass ich sie als .rar auf Rapidshare geuppt habe. https://rapidshare.com/files/3581823187/Logs.rar |
|
30.03.2012, 19:49
| #2 |
| /// Malware-holic   | Mein Laptop wird immer langsamer....Logs beigefügt hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
30.03.2012, 22:42
| #3 |
| | Mein Laptop wird immer langsamer....Logs beigefügt Danke erstemal :-)
__________________Hier die Datei von OTL https://rapidshare.com/files/185036817/OTL_Log.rar Ich möchte noch hinzufügen dass Google meldet, dass meine Suchanfragen abgelehnt werden weil scheinbar zuviele Anfragen aus meinem Netzwerk kommen. Ich muss dann immer Capcha bestätigen. gruss Harry |
|
31.03.2012, 16:12
| #4 |
| /// Malware-holic | Mein Laptop wird immer langsamer....Logs beigefügt bitte hänge das log hier an, evtl. als archiv, falls zu groß, oder kopiere die berichte direkt rein, danke.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
31.03.2012, 18:51
| #5 |
| | Mein Laptop wird immer langsamer....Logs beigefügt Ich habe zu danken :-) Hoffe ihr könnt mir helfen... OTL Logfile: Code:
ATTFilter OTL logfile created on: 30.03.2012 22:19:01 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Harry\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,42% Memory free 6,19 Gb Paging File | 4,70 Gb Available in Paging File | 75,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 67,67 Gb Free Space | 46,98% Space Free | Partition Type: NTFS Drive D: | 140,50 Gb Total Space | 69,30 Gb Free Space | 49,32% Space Free | Partition Type: NTFS Computer Name: HARRY-PC | User Name: Harry | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.30 22:06:58 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Harry\Downloads\OTL.exe PRC - [2012.03.24 13:55:54 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe PRC - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe PRC - [2012.02.09 12:59:08 | 001,220,928 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe PRC - [2012.01.22 09:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2010.03.08 19:30:54 | 000,194,048 | ---- | M] (Telefónica I+D) -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe PRC - [2010.02.11 03:31:32 | 000,604,488 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe PRC - [2009.04.16 17:56:36 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 08:27:39 | 000,299,520 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieuser.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.05 17:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2008.12.11 20:12:00 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\WTablet\Pen_TabletUser.exe PRC - [2008.12.11 20:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) -- C:\Windows\System32\Pen_Tablet.exe PRC - [2008.07.09 17:46:50 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Harry\AppData\Local\Temp\RtkBtMnt.exe PRC - [2008.05.23 18:09:25 | 003,770,600 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe PRC - [2008.05.23 18:09:21 | 003,337,728 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\CompPtcVUI.exe PRC - [2008.05.23 18:09:09 | 003,642,368 | ---- | M] (Arachnoid Biometrics Identification Group Corp.) -- C:\Programme\Acer\Acer Bio Protection\PdtWzd.exe PRC - [2008.03.13 11:24:20 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2008.03.11 20:30:28 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe PRC - [2008.03.11 11:53:54 | 005,296,128 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe PRC - [2008.03.07 04:36:12 | 000,544,768 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.03.05 00:38:28 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe PRC - [2008.02.15 09:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) -- C:\Windows\System32\vfsFPService.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\ACER\Mobility Center\MobilityService.exe PRC - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007.04.24 18:50:32 | 000,723,760 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.02.17 03:41:45 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll MOD - [2012.02.17 03:41:07 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll MOD - [2012.02.17 02:56:31 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll MOD - [2012.02.17 02:54:47 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll MOD - [2012.02.17 02:53:59 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll MOD - [2012.02.17 02:50:58 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll MOD - [2011.10.14 02:27:56 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.05.23 18:09:25 | 003,770,600 | ---- | M] () -- C:\Programme\Acer\Acer Bio Protection\PwdBank.exe MOD - [2008.03.28 20:25:30 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Library\3.0.3005.0__3036420f80dd6947\Framework.Library.dll MOD - [2008.03.28 20:25:30 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Utility\3.0.3005.0__4df5dcab8860d239\Framework.Utility.dll MOD - [2008.03.28 20:25:30 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Framework.Model.ControllerInterface\3.0.3005.0__d842b71b4d6ed079\Framework.Model.ControllerInterface.dll MOD - [2008.03.11 10:14:34 | 000,204,800 | ---- | M] () -- C:\Windows\System32\SysHook.dll MOD - [2008.03.05 00:38:16 | 000,227,888 | ---- | M] () -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ShowErrMsg.dll MOD - [2007.10.23 10:56:18 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2007.09.20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2007.04.24 18:44:26 | 000,126,976 | ---- | M] () -- C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2007.04.24 18:32:56 | 000,389,120 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll MOD - [2003.06.07 07:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll ========== Win32 Services (SafeList) ========== SRV - [2012.02.09 12:59:08 | 001,529,152 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc) SRV - [2012.01.22 09:40:04 | 003,025,112 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware) SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2010.03.08 19:30:54 | 000,194,048 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Programme\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc) SRV - [2010.02.11 03:31:32 | 000,604,488 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc) SRV - [2010.02.11 03:31:30 | 000,361,288 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.11.16 13:25:48 | 000,029,000 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) SRV - [2009.04.16 17:56:36 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2008.12.11 20:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\System32\Pen_Tablet.exe -- (TabletServicePen) SRV - [2008.03.07 16:05:10 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.03.05 00:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) SRV - [2008.02.15 09:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Running] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService) SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.10 17:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Disabled | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2007.12.11 05:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio) SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService) SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2007.04.13 08:49:00 | 000,101,528 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\mod7700.sys -- (mod7700) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.02.15 16:36:57 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.02.09 12:48:24 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv) DRV - [2011.11.02 11:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc) DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2011.05.19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA) DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2010.05.02 20:16:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2009.12.07 13:53:18 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2009.08.12 02:49:49 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggsemc.sys -- (ggsemc) DRV - [2009.08.12 02:49:49 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ggflt.sys -- (ggflt) DRV - [2009.05.31 22:56:12 | 000,278,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2009.05.31 22:56:11 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.04.28 20:08:00 | 009,838,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.10.17 15:49:50 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/03/28 05:58:42] [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2008.10.06 19:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor) DRV - [2008.09.20 12:44:11 | 000,099,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2008.08.18 23:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid) DRV - [2008.05.23 18:09:12 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008.03.13 10:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR) DRV - [2008.03.11 13:38:00 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E) DRV - [2008.02.29 09:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2008.02.15 09:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x) DRV - [2008.01.08 21:10:32 | 002,554,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R) DRV - [2007.12.18 18:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir) DRV - [2007.10.19 15:32:58 | 000,013,824 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\modrc.sys -- (MODRC) DRV - [2007.08.08 22:06:40 | 000,023,424 | ---- | M] (Huawei Tech. Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewdcsc.sys -- (Huawei) DRV - [2007.02.16 20:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter) DRV - [2007.02.16 01:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WacomVKHid.sys -- (WacomVKHid) DRV - [2007.01.26 08:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2006.11.02 15:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7AMSA_deDE301 IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.31 FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91 FF - prefs.js..network.proxy.ftp: "88.190.226.192" FF - prefs.js..network.proxy.ftp_port: 3128 FF - prefs.js..network.proxy.http: "88.190.226.192" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.socks: "88.190.226.192" FF - prefs.js..network.proxy.socks_port: 3128 FF - prefs.js..network.proxy.ssl: "88.190.226.192" FF - prefs.js..network.proxy.ssl_port: 3128 FF - prefs.js..network.proxy.type: 1 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.07.09 23:05:59 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.03.17 21:43:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.21 17:47:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.29 14:35:50 | 000,000,000 | ---D | M] [2008.10.12 23:00:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harry\AppData\Roaming\mozilla\Extensions [2012.03.21 00:06:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Harry\AppData\Roaming\mozilla\Firefox\Profiles\r1z07m5o.default\extensions [2010.03.19 03:18:51 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Harry\AppData\Roaming\mozilla\Firefox\Profiles\r1z07m5o.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} [2011.06.22 00:44:57 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Harry\AppData\Roaming\mozilla\Firefox\Profiles\r1z07m5o.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.07.16 15:57:47 | 000,000,000 | ---D | M] (BlackJapanMAX) -- C:\Users\Harry\AppData\Roaming\mozilla\Firefox\Profiles\r1z07m5o.default\extensions\{8e12f188-352c-4476-8198-e9b8f4a4353a} [2010.03.19 14:27:24 | 000,001,196 | ---- | M] () -- C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\r1z07m5o.default\searchplugins\winamp-search.xml [2012.03.29 14:26:06 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.29 14:26:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.03.17 21:43:18 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.03.29 14:26:06 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} () (No name found) -- C:\USERS\HARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R1Z07M5O.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI () (No name found) -- C:\USERS\HARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R1Z07M5O.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\USERS\HARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R1Z07M5O.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI () (No name found) -- C:\USERS\HARRY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R1Z07M5O.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI [2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.29 14:25:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.07.31 22:51:18 | 000,318,435 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 10922 more lines... O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O2 - BHO: (FGCatchUrl) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Programme\FlashGet\jccatch.dll (www.flashget.com) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (FlashGet GetFlash Class) - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Programme\FlashGet\getflash.dll (www.flashget.com) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Programme\Winamp Toolbar\winamptb.dll (AOL LLC.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKCU..\Run: [PMCLoader] C:\Program Files\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O8 - Extra context menu item: &Alles mit FlashGet laden - C:\Programme\FlashGet\JC_ALL.HTM () O8 - Extra context menu item: &Mit FlashGet laden - C:\Programme\FlashGet\JC_LINK.HTM () O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O9 - Extra 'Tools' menuitem : FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Programme\FlashGet\flashget.exe (FlashGet.com) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 81.173.194.68 213.168.112.60 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{488C2792-C769-4E77-8A51-443F531E0DF2}: DhcpNameServer = 81.173.194.68 213.168.112.60 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA05BF5D-7EB5-4997-A8C0-A24025149020}: DhcpNameServer = 81.173.194.68 213.168.112.60 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) O24 - Desktop WallPaper: C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O24 - Desktop BackupWallPaper: C:\Users\Harry\AppData\Roaming\Mozilla\Firefox\Desktop Hintergrund.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{3f8ace30-4a89-11df-a27a-00a0d1a6b3ad}\Shell - "" = AutoRun O33 - MountPoints2\{3f8ace30-4a89-11df-a27a-00a0d1a6b3ad}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{3f8ace3d-4a89-11df-a27a-00a0d1a6b3ad}\Shell - "" = AutoRun O33 - MountPoints2\{3f8ace3d-4a89-11df-a27a-00a0d1a6b3ad}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{52e76aaf-4a84-11df-9eb9-00a0d1a6b3ad}\Shell - "" = AutoRun O33 - MountPoints2\{52e76aaf-4a84-11df-9eb9-00a0d1a6b3ad}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{52e76abe-4a84-11df-9eb9-00a0d1a6b3ad}\Shell - "" = AutoRun O33 - MountPoints2\{52e76abe-4a84-11df-9eb9-00a0d1a6b3ad}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a347c53e-49bd-11df-af04-00a0d1a6b3ad}\Shell - "" = AutoRun O33 - MountPoints2\{a347c53e-49bd-11df-af04-00a0d1a6b3ad}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{a347c53f-49bd-11df-af04-00a0d1a6b3ad}\Shell - "" = AutoRun O33 - MountPoints2\{a347c53f-49bd-11df-af04-00a0d1a6b3ad}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{ec914cd3-4153-11df-a16d-00a0d1a6b3ad}\Shell - "" = AutoRun O33 - MountPoints2\{ec914cd3-4153-11df-a16d-00a0d1a6b3ad}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f1fdacc2-42a3-11df-aba9-00a0d1a6b3ad}\Shell - "" = AutoRun O33 - MountPoints2\{f1fdacc2-42a3-11df-aba9-00a0d1a6b3ad}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.29 14:30:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.03.24 14:03:05 | 000,000,000 | ---D | C] -- C:\Users\Harry\Documents\Simply Super Software [2012.03.24 14:02:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.03.24 14:02:27 | 000,598,528 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll [2012.03.24 14:02:15 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2012.03.24 14:02:15 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Simply Super Software [2012.03.24 14:02:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.03.23 00:13:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware [2012.03.23 00:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware [2012.03.23 00:12:33 | 000,000,000 | ---D | C] -- C:\Users\Harry\Documents\Anti-Malware [2012.03.22 18:14:00 | 000,031,552 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.03.22 18:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 [2012.03.22 18:13:10 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2012 [2012.03.22 18:11:57 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012.03.21 23:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.03.21 23:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.03.21 22:49:39 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2012.03.21 22:49:03 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\AVS4YOU [2012.03.21 22:40:57 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2012.03.21 22:40:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU [2012.03.21 22:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AVSMedia [2012.03.21 22:40:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVS4YOU [2012.03.21 17:53:17 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Roaming\Malwarebytes [2012.03.21 17:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.21 17:53:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.21 17:52:57 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.21 17:52:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.03.17 21:45:07 | 000,000,000 | ---D | C] -- C:\Users\Harry\AppData\Local\DDMSettings [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.30 22:22:51 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.30 22:22:51 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.30 22:03:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.30 22:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job [2012.03.30 19:55:24 | 000,089,359 | ---- | M] () -- C:\ProgramData\nvModes.dat [2012.03.30 19:55:24 | 000,089,359 | ---- | M] () -- C:\ProgramData\nvModes.001 [2012.03.30 19:55:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.30 18:30:43 | 000,671,196 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.30 18:30:43 | 000,631,886 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.30 18:30:43 | 000,144,332 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.30 18:30:43 | 000,118,512 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.30 18:23:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.03.30 18:23:28 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.30 18:21:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.03.30 18:21:26 | 000,000,020 | ---- | M] () -- C:\Users\Harry\defogger_reenable [2012.03.30 17:11:46 | 000,169,472 | ---- | M] () -- C:\Users\Harry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.03.30 17:11:44 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini [2012.03.30 12:37:31 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{260D95C8-6567-488A-A763-EEA74C6C3687}.job [2012.03.29 23:11:47 | 000,001,356 | ---- | M] () -- C:\Users\Harry\AppData\Local\d3d9caps.dat [2012.03.29 14:40:05 | 000,002,299 | ---- | M] () -- C:\Users\Harry\AppData\Roaming\acervcmtmp.ini [2012.03.29 14:36:12 | 000,000,974 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.03.29 14:10:53 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI [2012.03.29 11:07:52 | 000,301,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.23 00:13:57 | 000,000,892 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.03.22 18:13:53 | 000,001,873 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.03.22 18:13:52 | 000,001,869 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.03.21 23:08:03 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.21 22:41:01 | 000,001,090 | ---- | M] () -- C:\Users\Harry\Desktop\AVS4YOU Software Navigator.lnk [2012.03.21 22:40:43 | 000,001,046 | ---- | M] () -- C:\Users\Harry\Desktop\AVS Registry Cleaner.lnk [2012.03.21 17:53:03 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.21 17:47:07 | 000,000,850 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.03.12 23:35:29 | 000,745,652 | ---- | M] () -- C:\Users\Harry\Desktop\Bewerbung Ikea.pdf [2012.03.08 20:26:43 | 000,745,767 | ---- | M] () -- C:\Users\Harry\Desktop\Bewerbung -Aldi-Sued.pdf [2012.03.08 19:58:36 | 002,097,428 | ---- | M] () -- C:\Users\Harry\Desktop\Gutschein.pdf [2012.03.08 19:43:23 | 000,489,751 | ---- | M] () -- C:\Users\Harry\Desktop\BBewerbung.pdf [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.30 18:20:48 | 000,000,020 | ---- | C] () -- C:\Users\Harry\defogger_reenable [2012.03.24 14:02:27 | 000,178,176 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll [2012.03.24 14:02:27 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2012.03.24 14:02:27 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2012.03.24 14:02:26 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2012.03.24 14:02:26 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2012.03.23 00:13:57 | 000,000,892 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk [2012.03.22 18:13:53 | 000,001,873 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk [2012.03.22 18:13:52 | 000,001,881 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk [2012.03.22 18:13:52 | 000,001,869 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk [2012.03.21 23:08:03 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.03.21 22:41:01 | 000,001,090 | ---- | C] () -- C:\Users\Harry\Desktop\AVS4YOU Software Navigator.lnk [2012.03.21 22:40:43 | 000,001,046 | ---- | C] () -- C:\Users\Harry\Desktop\AVS Registry Cleaner.lnk [2012.03.21 17:53:03 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.21 17:47:07 | 000,000,862 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.03.21 17:47:07 | 000,000,850 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.03.12 23:35:17 | 000,745,652 | ---- | C] () -- C:\Users\Harry\Desktop\Bewerbung Ikea.pdf [2012.03.12 17:51:45 | 005,499,968 | ---- | C] () -- C:\Users\Harry\Desktop\01-michel_telo_-_ai_se_eu_te_pego_(original_version).mp3 [2012.03.08 20:26:33 | 000,745,767 | ---- | C] () -- C:\Users\Harry\Desktop\Bewerbung -Aldi-Sued.pdf [2012.03.08 19:58:31 | 002,097,428 | ---- | C] () -- C:\Users\Harry\Desktop\Gutschein.pdf [2012.03.08 19:43:17 | 000,489,751 | ---- | C] () -- C:\Users\Harry\Desktop\BBewerbung.pdf ========== LOP Check ========== [2008.07.24 00:33:39 | 000,000,000 | -HSD | M] -- C:\Users\Harry\AppData\Roaming\.# [2008.10.15 15:56:52 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Acer [2008.03.28 20:43:38 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Acer GameZone Console [2009.08.29 14:20:19 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Alien Skin [2008.08.12 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Canon [2012.03.21 23:11:17 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\DAEMON Tools Lite [2011.07.08 00:17:29 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\DVDVideoSoft [2008.07.09 20:57:19 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\eSobi [2008.07.17 00:01:17 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\FlashGet [2009.09.26 14:18:25 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\HDRsoft [2008.09.15 23:42:17 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\iWin [2008.12.24 06:59:06 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Laconic Software [2008.07.09 20:59:37 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\PeerNetworking [2010.02.25 17:36:24 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\PowerCinema [2009.06.29 22:55:33 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Publish Providers [2008.08.12 18:23:04 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\ScanSoft [2009.02.08 07:25:31 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\ScummVM [2012.03.24 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Simply Super Software [2010.05.02 20:23:04 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\SoftDMA [2009.07.13 03:06:36 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Sony [2010.04.18 02:47:29 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Telefónica [2008.08.10 22:13:23 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Template [2010.04.06 02:29:48 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Tropico 3 [2012.03.22 18:13:23 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\TuneUp Software [2008.07.09 17:46:51 | 000,000,000 | ---D | M] -- C:\Users\Harry\AppData\Roaming\Validity [2012.03.30 22:00:01 | 000,000,522 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2012.03.30 18:21:48 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.30 12:37:31 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{260D95C8-6567-488A-A763-EEA74C6C3687}.job ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2 @Alternate Data Stream - 24 bytes -> C:\Windows:B3570DA1F45F444C @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9 @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:9E22BBE8 < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 30.03.2012 22:19:01 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Harry\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 60,42% Memory free
6,19 Gb Paging File | 4,70 Gb Available in Paging File | 75,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 67,67 Gb Free Space | 46,98% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 69,30 Gb Free Space | 49,32% Space Free | Partition Type: NTFS
Computer Name: HARRY-PC | User Name: Harry | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{049AAC5D-DFC2-448D-A494-D80B6F6325DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0A0AF170-D223-4813-84F1-ACB9B22D0FC2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{4DB484CB-ECB5-451D-BD3F-DED327B27D46}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5B5E2670-8556-47C0-990C-AA18EA39E940}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{5D801E23-4C22-4D5D-A7FA-96B406F386DD}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{747E4740-36ED-411C-9513-AB6C28ECFA74}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7E732A19-7BF2-4D58-8B1E-5207BC1FA97B}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{96B21185-F5E3-4282-8DE1-D49282C89CAA}" = lport=4662 | protocol=17 | dir=in | name=emule.exe |
"{AA09EE3F-B1C6-4EA0-A102-BC2C6C92D281}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{D0867E48-4699-4E36-921C-D5A003CF56C2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D54E229B-023C-4BDF-A377-A2815F02D95D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EA3C7DE1-494E-4D51-954F-7497337F2131}" = lport=4661 | protocol=6 | dir=in | name=emule |
"{EDE724FC-0717-430C-8C36-9A47302C7677}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D480BAE-F159-4760-8ACE-9015A459FF8C}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{0F60C1B2-1404-4336-B5E8-BCA14E547FA5}" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"{1426E291-FB3A-48D5-B2BC-52908DED8CA6}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{155C5D2C-D2EB-4138-8FD3-F8BAFB2DEF3B}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{165184E5-F9F0-42F0-83E8-8CA0660A1B51}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{1AAA59C7-40C6-4CA9-996B-3B41D66B8BB8}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{1B365738-DDBE-4E31-BEF6-EC6117BEC00E}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{2B036B52-512B-41AE-B259-84994FA6DBB8}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{30739832-1554-4BFD-B0C2-17993D552E6A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{3104ED9A-28F9-42E1-9A38-A25E2BDE3555}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{371425ED-9E16-4F73-B772-89A1C015F19B}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{3D70A6CE-E8F1-4960-A775-B4A1D9E70893}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{45160867-7411-4CCF-BE9A-1F43449EE7EA}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{49E7C65E-6B52-4F1A-ABF4-BCE027275ECF}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{563631E6-6216-4FBF-943D-19353E1454F7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6AC2BE6D-C85E-41F7-A8B3-3E27EAFA2E35}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{6CAACFB8-40B9-453E-94D3-9517AAC6FEA3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7199F757-BF32-4CBF-84F0-790147F2D9DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{732E142D-88A8-47E1-8642-3D69861D57DF}" = protocol=6 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"{769E08F0-8773-4765-9730-2C60A13CAFFB}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"{77AEB128-57E4-4DF1-BA97-58AB7792B7C1}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7D8FAE86-8DF3-4EBD-9C13-9640DEE67A5F}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{80CB0E02-EC5B-4D53-B1A6-ABCD34D1CD3D}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{81561B76-A93E-4F97-847D-5CE97C9BF802}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{85D75BC6-C4E4-406F-A713-0F22E1DD6D01}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe |
"{87D1E229-F998-4888-9B94-0E2BFED0FF94}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8D8EDE60-F036-4B3D-93D1-67C2B43B9F2A}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{92F03A0F-A023-44D3-B14F-B22DB482692B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9B25DF26-A70E-469E-9089-9DFC9FFE9649}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9D1AE829-79E7-4780-86D1-47C6E65AD596}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{9ECE83EF-C52E-4197-B7B1-197157DA0A04}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{A08B8EE7-487B-4E16-BE6E-08B02C1AF191}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{A676DF4C-A1B6-421D-A1B9-A86E38CD10A5}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{CA701D9D-A4BF-4E40-B6F8-1C20FD408FA6}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{D26AB9D1-DA7D-4DFE-B9E2-7C0458AEEFE8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{D583A699-D3C8-4523-887E-CB644E4CE85E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{D6D41AB6-1B3E-4646-A457-6CAEC8CB72C7}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{E73EC965-E53B-4BCD-8AB5-AFF569E12362}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe |
"{E8289DB0-663F-46C4-804E-0DC275435085}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe |
"{ECABC21A-FACF-4406-9B78-41877A5E827E}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe |
"{EE8849AE-D53A-4F4B-A805-8F78CF804680}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe |
"{F6C83500-CC09-4B36-862F-4AD1DACB8470}" = protocol=17 | dir=in | app=c:\program files\ubisoft\die siedler - aufstieg eines königreichs\base\bin\settlers6.exe |
"TCP Query User{1BABBA54-CF9D-4D32-8B9A-F26F0DCF1842}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{1E03FCB8-7192-4EF6-9EBB-FEF39FD74661}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{354A0E9F-A94D-4F08-9239-C09DB751AA50}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{41E6794E-243C-4F43-9D8D-BC97BBD2A1A6}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{5C668245-A226-409A-96AA-D3F5F16A89D9}C:\program files\sony ericsson\update service\update service.exe" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"TCP Query User{7441665B-B6FC-46E8-99DE-4D7EB18B6B75}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"TCP Query User{80CEACD6-917A-4BE5-A93F-981ACF8FA5D6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{8381D132-EA57-4964-AA1F-0B5C9D048AE6}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{A4C9ABCD-B3A2-4691-AF47-55A48D9870BB}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"TCP Query User{B8F0C162-8635-4A5E-A4B5-EE89F04FE607}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{DD769B19-ED73-4888-A575-3F59B15229D5}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{E16C324C-CD18-4064-A744-358F82E1207E}C:\program files\flashget\flashget.exe" = protocol=6 | dir=in | app=c:\program files\flashget\flashget.exe |
"TCP Query User{E19408DD-EE84-4CE1-9E6D-F283F0E4B0DC}C:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe" = protocol=6 | dir=in | app=c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe |
"UDP Query User{03068A20-62CC-490D-A8B3-4D06F79F0961}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{204E6DAE-A379-47D6-9157-921B04C27099}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{3A6A66F7-FB88-4917-B26F-D7C171B26C94}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{4FCE1B24-A5D2-4707-8F97-C0FD43E3CD86}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{5B59661C-EBA0-4EA1-A10F-8CEB251B82C2}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"UDP Query User{67EAFCD9-CC12-4F7D-B51E-C12B60D6912B}C:\program files\sony ericsson\update service\update service.exe" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update service\update service.exe |
"UDP Query User{7959EE91-5D24-4E4D-872A-9A54B154C492}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{96C716A1-8DDC-471C-9401-5356F873147E}C:\program files\flashget\flashget.exe" = protocol=17 | dir=in | app=c:\program files\flashget\flashget.exe |
"UDP Query User{A390B48F-0374-464A-B68B-10A18965E371}C:\program files\java\jre6\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\launch4j-tmp\jdownloader.exe |
"UDP Query User{B5C88C60-0FFA-4211-B2D3-044FF65F5EE6}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{E4197B92-FF98-4446-A3E4-944263861E30}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{F3BF6FE5-C189-4B27-8D2E-E48899F971D1}C:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe" = protocol=17 | dir=in | app=c:\program files\java\jre1.6.0_07\launch4j-tmp\jdownloader.exe |
"UDP Query User{FB8C741A-5503-47A3-B20B-454D00D0AE8D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.5000
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6E5AB107-172B-4F17-8ABB-357C59EF1B08}" = Vegas Pro 9.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.55.312
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}" = DIE SIEDLER - Aufstieg eines Königreichs
"{D6C9AF27-9414-46C8-B9D8-D878BA041031}" = Nero 8 Ultra Edition HD
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"7-Zip" = 7-Zip 4.65
"Acer Acer Bio Protection 6.0.00.08" = Acer Bio Protection
AAV 6.0.00.08
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AnyDVD" = AnyDVD
"AutoGK" = Auto Gordian Knot 2.55
"AVI Splitter_is1" = AVI Splitter
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviSynth" = AviSynth 2.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVSRegistryCleaner_is1" = AVS Registry Cleaner version 2.2
"Canon MP610 series Benutzerregistrierung" = Canon MP610 series Benutzerregistrierung
"CANONIJPLM100" = PIXMA Extended Survey Program
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = DivX-Setup
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EOS 20D WIA Driver" = EOS 20D WIA Driver
"FlashGet" = FlashGet 1.9.6.1073
"Free Fire Screensaver" = Free Fire Screensaver
"Free Video to iPhone Converter_is1" = Free Video to iPhone Converter version 3.2.19.602
"Google Updater" = Google Updater
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HUAWEI DataCard Driver" = HUAWEI DataCard Driver 3.10.02.00
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}" = Age of Empires III
"Keyword Search" = Keyword Search
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"NVIDIA Drivers" = NVIDIA Drivers
"o2DE" = Mobile Connection Manager
"Orb" = Winamp Remote
"Pen Tablet Driver" = Stifttablett
"PokerStars" = PokerStars
"PQ_DVD_to_iPhone_Video_Suite" = PQ DVD to iPhone Video Suite (remove only)
"QOOKÅø¹Ù" = QOOKÅø¹Ù
"ScummVM_is1" = ScummVM 0.12.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"The KMPlayer" = The KMPlayer (remove only)
"Trojan Remover_is1" = Trojan Remover 6.8.3
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Update Service" = Update Service
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 29.03.2012 17:07:04 | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.03.2012 05:25:53 | Computer Name = Harry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.03.2012 05:25:53 | Computer Name = Harry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 40492166
Error - 30.03.2012 05:25:53 | Computer Name = Harry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 40492166
Error - 30.03.2012 11:20:44 | Computer Name = Harry-PC | Source = Perflib | ID = 1010
Description =
Error - 30.03.2012 12:23:38 | Computer Name = Harry-PC | Source = WinMgmt | ID = 10
Description =
Error - 30.03.2012 12:57:45 | Computer Name = Harry-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 7.0.6002.18005, Zeitstempel
0x49e01e78, fehlerhaftes Modul aac_parser.ax, Version 1.1.0.0, Zeitstempel 0x4537b74a,
Ausnahmecode 0xc0000094, Fehleroffset 0x000065cb, Prozess-ID 0xaf4, Anwendungsstartzeit
01cd0e9291b0ee87.
Error - 30.03.2012 13:55:15 | Computer Name = Harry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 30.03.2012 13:55:15 | Computer Name = Harry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3016810
Error - 30.03.2012 13:55:15 | Computer Name = Harry-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3016810
[ System Events ]
Error - 23.03.2012 16:21:11 | Computer Name = Harry-PC | Source = Service Control Manager | ID = 7001
Description =
Error - 23.03.2012 16:21:11 | Computer Name = Harry-PC | Source = Service Control Manager | ID = 7026
Description =
Error - 23.03.2012 18:55:31 | Computer Name = Harry-PC | Source = DCOM | ID = 10005
Description =
Error - 23.03.2012 18:55:38 | Computer Name = Harry-PC | Source = DCOM | ID = 10005
Description =
Error - 25.03.2012 06:26:45 | Computer Name = Harry-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.100 für die Netzwerkkarte mit der Netzwerkadresse
001DE0B99BD9 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 26.03.2012 04:21:02 | Computer Name = Harry-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.100 für die Netzwerkkarte mit der Netzwerkadresse
001DE0B99BD9 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 29.03.2012 05:17:07 | Computer Name = Harry-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 87.79.121.1 für die Netzwerkkarte mit der Netzwerkadresse
00A0D1A6B3AD wurde durch den DHCP-Server 192.168.100.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 29.03.2012 05:17:28 | Computer Name = Harry-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.100.2 für die Netzwerkkarte mit der Netzwerkadresse
00A0D1A6B3AD wurde durch den DHCP-Server 192.168.100.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 29.03.2012 05:20:29 | Computer Name = Harry-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.100 für die Netzwerkkarte mit der Netzwerkadresse
001DE0B99BD9 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
Error - 29.03.2012 14:45:04 | Computer Name = Harry-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.100 für die Netzwerkkarte mit der Netzwerkadresse
001DE0B99BD9 wurde durch den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat
eine DHCPNACK-Meldung gesendet).
[ TuneUp Events ]
Error - 23.03.2012 05:25:08 | Computer Name = Harry-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 23.03.2012 16:09:22 | Computer Name = Harry-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 24.03.2012 07:36:26 | Computer Name = Harry-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 24.03.2012 08:09:18 | Computer Name = Harry-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 29.03.2012 05:09:02 | Computer Name = Harry-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 29.03.2012 08:08:44 | Computer Name = Harry-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 29.03.2012 08:36:46 | Computer Name = Harry-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 29.03.2012 08:58:27 | Computer Name = Harry-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 29.03.2012 11:34:05 | Computer Name = Harry-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
Error - 29.03.2012 17:07:03 | Computer Name = Harry-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description =
< End of report >
Geändert von HarryW (31.03.2012 um 19:02 Uhr) |
|
01.04.2012, 18:00
| #6 | |
| /// Malware-holic | Mein Laptop wird immer langsamer....Logs beigefügtCombofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ --> Mein Laptop wird immer langsamer....Logs beigefügt |
|
01.04.2012, 22:40
| #7 |
| | Mein Laptop wird immer langsamer....Logs beigefügt Danke erstmal, Log: Combofix Logfile: Code:
ATTFilter ComboFix 12-04-01.01 - Harry 01.04.2012 23:03:24.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.3069.1581 [GMT 2:00]
ausgeführt von:: c:\users\Harry\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Emsisoft Anti-Malware *Disabled/Outdated* {0ADC9F7D-20C1-240F-01E2-43466EBA893A}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Emsisoft Anti-Malware *Disabled/Outdated* {B1BD7E99-06FB-2B81-3B52-7834153DC387}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
ADS - Windows: deleted 24 bytes in 1 streams.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Acer\Acer Bio Protection\PwdFilter.dll
c:\program files\Keyword Search
c:\program files\Keyword Search\uninstall.exe
c:\users\Harry\AppData\Roaming\.#
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-03-01 bis 2012-04-01 ))))))))))))))))))))))))))))))
.
.
2012-04-01 21:21 . 2012-04-01 21:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-31 09:21 . 2012-03-31 09:37 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 09:40 . 2012-03-14 02:15 6582328 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9D94172-1982-4DE4-934D-6BEE89AD5CAC}\mpengine.dll
2012-03-29 12:30 . 2012-03-29 12:30 -------- d-----w- c:\program files\Common Files\Java
2012-03-24 12:02 . 2010-10-24 05:06 598528 ----a-w- c:\windows\system32\ztv7z.dll
2012-03-24 12:02 . 2010-10-24 05:06 178176 ----a-w- c:\windows\system32\ztvunrar39.dll
2012-03-24 12:02 . 2006-05-25 13:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2012-03-24 12:02 . 2005-08-25 23:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2012-03-24 12:02 . 2006-06-19 11:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2012-03-24 12:02 . 2003-02-02 18:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2012-03-24 12:02 . 2002-03-05 23:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2012-03-24 12:02 . 2012-03-24 12:02 -------- d-----w- c:\program files\Trojan Remover
2012-03-24 12:02 . 2012-03-24 12:02 -------- d-----w- c:\users\Harry\AppData\Roaming\Simply Super Software
2012-03-24 12:02 . 2012-03-24 12:02 -------- d-----w- c:\programdata\Simply Super Software
2012-03-22 22:12 . 2012-03-29 12:56 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2012-03-22 16:14 . 2012-02-09 10:59 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-03-22 16:13 . 2012-03-29 12:33 -------- d-----w- c:\program files\TuneUp Utilities 2012
2012-03-22 16:11 . 2012-03-22 16:11 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-03-21 21:07 . 2012-03-21 21:08 -------- d-----w- c:\program files\CCleaner
2012-03-21 20:49 . 2012-03-21 20:49 -------- d-----w- c:\programdata\AVS4YOU
2012-03-21 20:49 . 2012-03-21 20:52 -------- d-----w- c:\users\Harry\AppData\Roaming\AVS4YOU
2012-03-21 20:40 . 2012-03-21 20:41 -------- d-----w- c:\program files\AVS4YOU
2012-03-21 20:40 . 2012-03-21 20:40 -------- d-----w- c:\program files\Common Files\AVSMedia
2012-03-21 20:40 . 2011-06-23 12:25 24576 ----a-w- c:\windows\system32\msxml3a.dll
2012-03-21 15:53 . 2012-03-21 15:53 -------- d-----w- c:\users\Harry\AppData\Roaming\Malwarebytes
2012-03-21 15:53 . 2012-03-21 15:53 -------- d-----w- c:\programdata\Malwarebytes
2012-03-21 15:52 . 2012-03-21 15:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-03-21 15:52 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-17 19:45 . 2012-03-17 19:45 -------- d-----w- c:\users\Harry\AppData\Local\DDMSettings
2012-03-14 13:08 . 2012-02-02 15:16 2044416 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 13:08 . 2012-01-09 15:54 613376 ----a-w- c:\windows\system32\rdpencom.dll
2012-03-14 13:08 . 2012-01-09 13:58 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-31 09:37 . 2011-06-15 23:12 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-29 12:25 . 2010-04-19 11:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-02-23 08:18 . 2009-10-03 02:42 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 14:36 . 2011-10-24 02:14 137416 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-09 10:59 . 2010-02-11 01:31 21312 ----a-w- c:\windows\system32\authuitu.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2012-03-13 04:38 . 2012-03-21 15:47 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-03-04 22:38 121392 ----a-w- c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"PMCLoader"="c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe" [2008-01-24 644368]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-09 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-03-11 5296128]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-03-11 397312]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-03-07 544768]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-03 178712]
"ZPdtWzdVitaKey MC3000"="c:\program files\Acer\Acer Bio Protection\PdtWzd.exe" [2008-05-23 3642368]
"PLFSetI"="c:\windows\PLFSetI.exe" [2007-10-23 200704]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-03-13 805384]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-04-28 13756960]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-09-07 152872]
"Skytel"="Skytel.exe" [2007-11-20 1826816]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2009-07-02 206120]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-10-08 47904]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2012-01-23 1238800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2008-5-23 1216512]
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-24 723760]
Pinnacle Streaming Server.lnk - c:\program files\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2007-12-3 599312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AWinNotifyVitaKey MC3000]
2008-05-23 16:09 3024384 ----a-w- c:\program files\Acer\Acer Bio Protection\WinNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"WindowsWelcomeCenter"=rundll32.exe oobefldr.dll,ShowWelcomeCenter
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
"PMCLoader"=c:\program files\Pinnacle\TVCenter Pro\PMCLoader.exe -checktasks
"WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" /background
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"Flashget"="c:\program files\FlashGet\FlashGet.exe" /min
"CanonSolutionMenu"=c:\program files\Canon\SolutionMenu\CNSLMAIN.exe /logon
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 253600]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [2011-05-19 17904]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [2012-01-22 3025112]
S3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [2011-11-02 51632]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
2012-04-01 c:\windows\Tasks\1-Klick-Wartung.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 11:45]
.
2012-04-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 09:37]
.
2012-03-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-09 01:17]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 12:08]
.
2012-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-01 12:08]
.
2012-04-01 c:\windows\Tasks\User_Feed_Synchronization-{260D95C8-6567-488A-A763-EEA74C6C3687}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: &Alles mit FlashGet laden - c:\program files\FlashGet\jc_all.htm
IE: &Mit FlashGet laden - c:\program files\FlashGet\jc_link.htm
IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 81.173.194.68 213.168.112.60
FF - ProfilePath - c:\users\Harry\AppData\Roaming\Mozilla\Firefox\Profiles\r1z07m5o.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: network.proxy.ftp - 93.89.84.220
FF - prefs.js: network.proxy.ftp_port - 3128
FF - prefs.js: network.proxy.http - 93.89.84.220
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.socks - 93.89.84.220
FF - prefs.js: network.proxy.socks_port - 3128
FF - prefs.js: network.proxy.ssl - 93.89.84.220
FF - prefs.js: network.proxy.ssl_port - 3128
FF - prefs.js: network.proxy.type - 1
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Keyword Search - c:\program files\Keyword Search\uninstall.exe
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1440)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Acer\Acer Bio Protection\CompPtcVUI.exe
c:\windows\system32\vfsFPService.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Acer\Empowering Technology\Service\ETService.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
c:\windows\system32\Pen_Tablet.exe
c:\program files\o2\Mobile Connection Manager\ImpWiFiSvc.exe
c:\windows\System32\TUProgSt.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\Pen_Tablet.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\system32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-04-01 23:35:22 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-04-01 21:34
.
Vor Suchlauf: 19 Verzeichnis(se), 69.896.667.136 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 69.743.558.656 Bytes frei
.
- - End Of File - - 48D334E563D68FE019CD0CCEAB222C32
|
|
02.04.2012, 13:25
| #8 |
| /// Malware-holic | Mein Laptop wird immer langsamer....Logs beigefügt sieht io aus, wie läuft das system?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
02.04.2012, 13:40
| #9 |
| | Mein Laptop wird immer langsamer....Logs beigefügt immer noch langsam :-( |
|
02.04.2012, 18:07
| #10 |
| /// Malware-holic | Mein Laptop wird immer langsamer....Logs beigefügt dann setzen wirs einmal komplett neu auf. 1. Datenrettung:
4. alle Passwörter ändern! 5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen. 6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Mein Laptop wird immer langsamer....Logs beigefügt |
| 5 minuten, benutzer, benutzernamen, bluscreen, direkt, fenster, folge, folgende, friert, hoffe, laptop, minute, minuten, neue, neuen, passwort, proxy, rechner, richtig, seite, sekunden, server, surfe, surfen, verlangt, website, öffnet |
