| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit BetriebssystemWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.08.2012, 18:10
| #1 |
| |  gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit Betriebssystem Malwarebytes Anti-Malware (Test) 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.09.10 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Beo :: BEO-PC [Administrator] Schutz: Aktiviert 09.08.2012 20:43:57 mbam-log-2012-08-09 (20-43-57).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 301463 Laufzeit: 2 Stunde(n), 32 Minute(n), 39 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Upgrade (Trojan.FakeAlert) -> Daten: C:\Users\Beo\AppData\Roaming\Microsoft\{9AFAE07C-A94B-4DF8-BF6D-D5551C04CF0A}\Upgrade.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 4 C:\Users\Beo\AppData\Roaming\Microsoft\{9AFAE07C-A94B-4DF8-BF6D-D5551C04CF0A}\Upgrade.exe (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Beo\AppData\Local\Temp\soap0_wsdl.exe (Trojan.Inject) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Beo\Downloads\SoftonicDownloader_fuer_winamp.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Beo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
10.08.2012, 19:13
| #2 |
| /// Helfer-Team  | gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit Betriebssystem CustomScan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ |
|
11.08.2012, 12:27
| #3 |
| | gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit Betriebssystem OTL Logfile:
__________________Code:
ATTFilter OTL Extras logfile created on: 11.08.2012 00:38:06 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Beo\Downloads
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1013,09 Mb Total Physical Memory | 374,33 Mb Available Physical Memory | 36,95% Memory free
1,99 Gb Paging File | 0,93 Gb Available in Paging File | 46,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 215,79 Gb Total Space | 178,75 Gb Free Space | 82,84% Space Free | Partition Type: NTFS
Drive D: | 4,00 Gb Total Space | 2,65 Gb Free Space | 66,38% Space Free | Partition Type: FAT32
Computer Name: BEO-PC | User Name: Beo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0732D0EC-B49B-44C3-BEF4-DECD5DDA96D8}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{0A14D695-ACB0-44B9-AC8C-9E683022E9E7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0D980A56-3302-41D6-A7AE-91001B140F9A}" = rport=137 | protocol=17 | dir=out | app=system |
"{186D571D-58C6-4B38-818A-6DFE63B25191}" = lport=139 | protocol=6 | dir=in | app=system |
"{19AFFEB5-9B03-43F1-8D5B-98D27E801727}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3705C64E-DBAD-4D9F-ABC8-E51E6A098D1E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{5359530E-EDD0-4F56-B436-4151ADD405E4}" = rport=445 | protocol=6 | dir=out | app=system |
"{535E91EF-0C02-4FAE-BD83-ECE4F340EC21}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{5DC9BD23-E7E4-416B-AD4A-544D556FD09E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{62D772A6-0B4A-4CAE-9A0B-3E2C42B25E2B}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{63D99D66-B69E-4B84-9F1D-C2A31F6029DE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{66949967-5323-4BD4-8AB6-FD9C270C36EA}" = lport=138 | protocol=17 | dir=in | app=system |
"{6E27ADA4-3DC0-4B57-AB9F-519955B47910}" = rport=138 | protocol=17 | dir=out | app=system |
"{850BCCA4-184E-4E25-9E4A-FDB98B6DDB2E}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{8E26A006-0758-4437-9D5B-2C4BFA12066B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AE7B04AA-40F9-45BF-AB47-9638B863F285}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B1177AE3-B888-44CA-96C1-C8D4EE5DD520}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BBEF5B60-1793-4472-BFAC-60A08CD1BD1F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C11D43FE-0365-4C9E-A7F0-DB0D9B96AE36}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C77F4A8B-6D16-4676-9038-E3BAF6590994}" = lport=445 | protocol=6 | dir=in | app=system |
"{DB96BAA0-9F89-48DF-A4B0-1A97F1733A92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E765A8D9-4448-4580-A19B-B7E08C66BB26}" = lport=137 | protocol=17 | dir=in | app=system |
"{F5138E4A-78FE-459C-AF87-EA50AB31749B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FA439A51-C95C-45CF-B879-8B531A56E9E6}" = rport=139 | protocol=6 | dir=out | app=system |
"{FD07F0B5-2793-4024-A75C-9AF083A39FD0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EA59D69-AF88-408F-B9E8-BC1379C44D62}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{122462A2-F581-4621-8AD1-78068815F174}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{282E38DF-4D6A-44FB-9E4B-5DC53D9E069A}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\lerdix\counter-strike\hl.exe |
"{28F32CB5-AF00-49DD-AAF3-0BE7AEF52987}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{329CBE86-DC99-480D-BB1F-F4F40287B18A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{37F413D2-9185-4B67-83C2-E9CB76A71FEC}" = protocol=6 | dir=in | app=c:\users\beo\desktop\w3\warcraft_3\war3.exe |
"{3A892A29-176C-49EB-9022-AFDB14ED1B42}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3D8970D8-58A0-466A-9565-09DFB4704F38}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steam.exe |
"{454B80BC-9C04-4E01-9F46-A1811761420B}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{45A3671F-FC91-4808-8A23-E4B3B755AE38}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{46A5656D-6039-4730-8687-9553B8D0E301}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{471A92E0-DA5D-4E56-BBAA-48B9441BCBEE}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{4CA83353-E1A0-42CD-A489-145BCE6D3CE1}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{4F686A23-2869-4A25-9F9E-DF459DF45360}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{517880C9-A4F2-4DED-A056-61AAA0275E7C}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{5669ECB4-FB8A-4761-9B45-6DE906DC6524}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{576845A5-04F5-4380-A4B4-E3529B36F417}" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{5D38C137-AE8A-4D37-BFD3-940F618E9E35}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{5F94AA9A-7E7C-4DDF-B962-8BC792FD5606}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{63050C2C-9747-4067-A85F-1E219F4AF5E2}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\lerdix\condition zero\hl.exe |
"{6C45847F-8BC6-4B08-AF48-347864A0420F}" = protocol=17 | dir=in | app=c:\users\beo\desktop\w3\warcraft_3\war3.exe |
"{705ABC12-894F-41B8-9E9E-59F9BDB3A143}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{71624590-7FDE-41E2-AA72-238290713A8A}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{7896A82A-CB1E-406C-AA3F-BC20ED439562}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe |
"{84E3BB89-F810-40BC-A28F-AF16D7E5B7A0}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{86FA4015-3739-4976-9ADA-8C6AB4467F2E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{89D830C1-945F-49B1-941D-A2ACF186C563}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{8CCE2D19-BBE7-4811-BFC2-A39CEFB838BE}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{8D4917C8-015A-4957-B45C-507ECE9A98E8}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{90B1727D-4974-4F8B-9C41-98B1E8530E1B}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\lerdix\counter-strike\hl.exe |
"{9F8C4D26-B963-4F14-B85A-4A33A60979DC}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{A3535530-32A1-4940-8F57-99AC2ABF6769}" = dir=in | app=c:\users\beo\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{A5D727F9-0FE4-44CB-A670-184C3F9508B2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A5FE255D-B592-4C86-B84E-22C5A36F232B}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{A8BD4082-EF02-442D-82B9-50D71DA2FEA7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AFFD5735-FC90-43D3-995E-F23489245F01}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B33BFD45-C77D-45FB-9D70-EF99347A44B0}" = protocol=6 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{B99B22CD-8604-418A-A247-AF0C3840D768}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{BEEFCC05-AFAC-401E-964E-B336DD2D1F87}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{C18DFB00-F15F-410D-8E3A-77A8ACFC072C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C264B6E5-7627-4321-AEB3-7145C4CA8699}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CC13BDFE-A048-421A-BA2D-1627F9BFA5E2}" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"{CDCFF6F4-9C92-4654-922F-5B6708F3CB33}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\lerdix\condition zero\hl.exe |
"{D2F57914-89D7-429E-AAB1-6DF6A7344F1E}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{D992BC48-CB0A-49EC-895C-073DCFAD7C29}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{DE847D71-ABE4-49B0-8546-F7846C3E2D33}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E611E38A-187C-4299-9EE3-37202A56558A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{EA447041-3957-490C-A78D-FDF0C73D586B}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{ECD71275-6A54-4B8C-ADB6-AF17B15ACBF5}" = protocol=17 | dir=in | app=c:\program files\electronic arts\need for speed(tm) hot pursuit\launcher.exe |
"{EDE05404-7E1B-46F0-89BA-C25C7234D2BD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{EE7E8770-FDE7-46EB-A0CC-2D239FDC74EE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{F0EDD1FD-0788-4467-8563-0B8D43C5F217}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F11826A9-1292-4545-ACDF-99C4768AF354}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{F44397B1-CFB1-4E62-AAD0-57456289611D}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{F97692D2-3096-4D66-A91C-5580303F9270}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"TCP Query User{02C4486D-0EE3-45F9-9D21-14EB6AF0686E}C:\users\beo\desktop\w3\warcraft_3\war3.exe" = protocol=6 | dir=in | app=c:\users\beo\desktop\w3\warcraft_3\war3.exe |
"TCP Query User{034D853F-2605-40D2-816D-457F4F5F6AB0}C:\program files\icq7.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq7.5\icq.exe |
"TCP Query User{34470DF0-4656-4A23-8532-2BE355E16936}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{A87E1EE3-0930-4429-A8B8-36556BF26C9E}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{BB59A9DF-D312-45A1-85C2-10CD551E6A92}C:\users\beo\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\beo\appdata\roaming\spotify\spotify.exe |
"UDP Query User{3B103824-1AD6-410F-B543-5306C63EE10C}C:\users\beo\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\beo\appdata\roaming\spotify\spotify.exe |
"UDP Query User{55E96DBA-E6F4-4B39-9A93-BB45F83C9FB8}C:\users\beo\desktop\w3\warcraft_3\war3.exe" = protocol=17 | dir=in | app=c:\users\beo\desktop\w3\warcraft_3\war3.exe |
"UDP Query User{7A1E6E76-8CD8-45EA-8D0F-155279D4A1BF}C:\program files\icq7.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq7.5\icq.exe |
"UDP Query User{ADA93DE0-6786-47A4-B327-D2EFB2381F90}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
"UDP Query User{AEDE4AB3-72AF-49C8-BE79-631A011729EF}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB)
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A9DFFD8-4E09-4B91-B957-454805B0D7C4}" = Zune Language Pack (CHS)
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3589A659-F732-4E65-A89A-5438C332E59D}" = Zune Language Pack (ELL)
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}" = Norton Online Backup
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C839E1-2BE4-4E77-A1BA-CCEA5DAFA741}" = Zune Language Pack (KOR)
"{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57C51D56-B287-4C11-9192-EC3C46EF76A4}" = Zune Language Pack (RUS)
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG)
"{5DEFD397-4012-46C3-B6DA-E8013E660772}" = Zune Language Pack (NOR)
"{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD)
"{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP)
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6EB931CD-A7DA-4A44-B74A-89C8EB50086F}" = Zune Language Pack (SVE)
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5
"{76BA306B-2AA0-47C0-AB6B-F313AB56C136}" = Zune Language Pack (MSL)
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8960A0A1-BB5A-479E-92CF-65AB9D684B43}" = Zune Language Pack (PLK)
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B112338-2B08-4851-AF84-E7CAD74CEB32}" = Zune Language Pack (DAN)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92ECE3F9-591E-4C12-8A62-B9FCE38BF646}" = Zune Language Pack (IND)
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B75648B-6C30-4A0D-9DE6-0D09D20AF5A5}" = Zune
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A5A53EA8-A11E-49F0-BDF5-AE536426A31A}" = Zune Language Pack (CHT)
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A8F2E50B-86E2-4D96-9BD2-9758BCC6F9B3}" = Zune Language Pack (CSY)
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B4870774-5F3A-46D9-9DFE-06FB5599E26B}" = Zune Language Pack (FIN)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU)
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA)
"{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA)
"{C6A09671-93A6-4548-9FAE-3BF21EB9C921}" = AVG 2012
"{C6BE19C6-B102-4038-B2A6-1C313872DBB4}" = Zune Language Pack (HUN)
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D8A781C9-3892-4E2E-9320-480CF896CFBB}" = Zune Language Pack (JPN)
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2CB8C3C-9C9E-4FAB-9067-655601C5F748}" = Windows Mobile Device Updater Component
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3B29FD3CCF1F5B855DA0C521597413EBABE97DFB" = ENE USB Card Reader Driver
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"AVMWLANCLI" = AVM FRITZ!WLAN
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Identity Card" = Identity Card
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{523281E5-91DD-49F5-9D85-954148F7596A}" = AndroidInstaller
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NSS" = Norton Security Scan
"PhotoScape" = PhotoScape
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tactical Ops" = Tactical Ops
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 2.0.2
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zune" = Zune
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 21.07.2012 10:56:33 | Computer Name = Beo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 7.5.0.5259, Zeitstempel:
0x4e354e55 Name des fehlerhaften Moduls: MCore.dll, Version: 7.5.0.5259, Zeitstempel:
0x4e354c84 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000b8f27 ID des fehlerhaften Prozesses:
0x910 Startzeit der fehlerhaften Anwendung: 0x01cd6750f3c54c60 Pfad der fehlerhaften
Anwendung: C:\Program Files\ICQ7.5\ICQ.exe Pfad des fehlerhaften Moduls: C:\Program
Files\ICQ7.5\MCore.dll Berichtskennung: 429c2a8a-d344-11e1-8d2f-1c75084aa777
Error - 21.07.2012 11:14:59 | Computer Name = Beo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x5e3aadf3 ID des fehlerhaften Prozesses: 0x1294 Startzeit der fehlerhaften Anwendung:
0x01cd67514b285ed0 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe
Pfad
des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll Berichtskennung: d5a2ea2f-d346-11e1-8d2f-1c75084aa777
Error - 21.07.2012 12:10:59 | Computer Name = Beo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x5e3aadf3 ID des fehlerhaften Prozesses: 0x101c Startzeit der fehlerhaften Anwendung:
0x01cd675892666e92 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe
Pfad
des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll Berichtskennung: a86ee054-d34e-11e1-8d2f-1c75084aa777
Error - 21.07.2012 13:49:56 | Computer Name = Beo-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1340 Startzeit:
01cd6762e5ed9089 Endzeit: 53 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
73e599fb-d35c-11e1-8d2f-1c75084aa777
Error - 22.07.2012 13:01:09 | Computer Name = Beo-PC | Source = Windows Backup | ID = 4103
Description =
Error - 24.07.2012 10:07:13 | Computer Name = Beo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3989,
Zeitstempel: 0x4cf9293f Name des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll_unloaded,
Version: 0.0.0.0, Zeitstempel: 0x4febd798 Ausnahmecode: 0xc0000005 Fehleroffset:
0x5eabadf3 ID des fehlerhaften Prozesses: 0x1584 Startzeit der fehlerhaften Anwendung:
0x01cd69a2699a4eb7 Pfad der fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe
Pfad
des fehlerhaften Moduls: NPSWF32_11_3_300_265.dll Berichtskennung: dd820e99-d598-11e1-8ade-1c75084aa777
Error - 28.07.2012 07:07:43 | Computer Name = Beo-PC | Source = Google Update | ID = 20
Description =
Error - 28.07.2012 11:51:12 | Computer Name = Beo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_3_300_268.exe,
Version: 11.3.300.268, Zeitstempel: 0x500adb58 Name des fehlerhaften Moduls: NPSWF32_11_3_300_268.dll,
Version: 11.3.300.268, Zeitstempel: 0x500addb8 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00493c58 ID des fehlerhaften Prozesses: 0x4d0 Startzeit der fehlerhaften Anwendung:
0x01cd6cc719d88c32 Pfad der fehlerhaften Anwendung: C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
Pfad
des fehlerhaften Moduls: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll
Berichtskennung:
0dcd60fa-d8cc-11e1-862d-1c75084aa777
Error - 28.07.2012 11:53:17 | Computer Name = Beo-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16c0 Startzeit:
01cd6cc6dbb8f599 Endzeit: 235 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
52b4904d-d8cc-11e1-862d-1c75084aa777
Error - 29.07.2012 13:00:07 | Computer Name = Beo-PC | Source = Windows Backup | ID = 4103
Description =
Error - 30.07.2012 14:53:43 | Computer Name = Beo-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 130c Startzeit:
01cd6e66aa0223ad Endzeit: 35 Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe
Berichts-ID:
dcb0a092-da77-11e1-bea4-1c75084aa777
[ System Events ]
Error - 09.08.2012 16:45:58 | Computer Name = Beo-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst WerSvc erreicht.
Error - 09.08.2012 23:20:29 | Computer Name = Beo-PC | Source = DCOM | ID = 10010
Description =
Error - 09.08.2012 23:23:12 | Computer Name = Beo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PCSpeedUp Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 09.08.2012 23:23:26 | Computer Name = Beo-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753636.
Error - 09.08.2012 23:23:26 | Computer Name = Beo-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 10.08.2012 13:14:18 | Computer Name = Beo-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PCSpeedUp Service" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 10.08.2012 13:14:31 | Computer Name = Beo-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "AVGIDSAgent" wurde mit folgendem dienstspezifischem Fehler
beendet: %%-536753636.
Error - 10.08.2012 13:14:33 | Computer Name = Beo-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error - 10.08.2012 14:28:04 | Computer Name = Beo-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 10.08.2012 18:46:53 | Computer Name = Beo-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows-Fehlerberichterstattungsdienst erreicht.
< End of report >
OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.08.2012 00:38:06 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Beo\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 374,33 Mb Available Physical Memory | 36,95% Memory free 1,99 Gb Paging File | 0,93 Gb Available in Paging File | 46,53% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 178,75 Gb Free Space | 82,84% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 2,65 Gb Free Space | 66,38% Space Free | Partition Type: FAT32 Computer Name: BEO-PC | User Name: Beo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Beo\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe () PRC - C:\Programme\AVG Secure Search\vprot.exe () PRC - C:\Users\Beo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.) PRC - C:\Programme\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation) PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) PRC - C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\SiteSafety.dll () MOD - C:\Programme\AVG Secure Search\vprot.exe () MOD - C:\Users\Beo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Programme\VideoLAN\VLC\libvlccore.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\audio_output\libaout_directx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\misc\libxml_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\mmxext\libmemcpymmxext_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\video_output\libdirectx_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\plugins\access\libdshow_plugin.dll () MOD - C:\Programme\VideoLAN\VLC\libvlc.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\06269663e6482bc4ceeb48c2a7d1ad34\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll () MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Programme\Mozilla Firefox\js3250.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Acer\Android Manager\DEU.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Programme\Launch Manager\CdDirIo.dll () ========== Win32 Services (SafeList) ========== SRV - (PCSpeedUpService) -- C:\Program Files\PC Beschleunigen\PCSpeedUpService.exe File not found SRV - (vToolbarUpdater12.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe () SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgfws) -- C:\Programme\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.) SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe () SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (MWLService) -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (XDva386) -- C:\Windows\system32\XDva386.sys File not found DRV - (XDva385) -- C:\Windows\system32\XDva385.sys File not found DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (EUCR) -- C:\Windows\System32\drivers\EUCR6SK.sys (ENE Technology Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b04902fe000000000000929ffa32013a&tlver=1.4.19.19&affID=19437 IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=b04902fe000000000000929ffa32013a&tlver=1.4.19.19&affID=19437 IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233} IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b04902fe000000000000929ffa32013a&tlver=1.4.19.19&affID=19437 IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = hxxp://search.alot.com/web?q={searchTerms} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={A341CF5A-2591-4733-9115-7A4D8FA3B749}&mid=00468a79b3a247d199bfcd3c4eae4e84-e36b4e6ce5ddd8bacd0ecd55119ad7c9bacda37b&lang=de&ds=AVG&pr=pr&d=2012-06-16 20:00:13&v=12.2.0.5&sap=dsp&q={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163 FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3 FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 FF - prefs.js..extensions.enabledItems: avg@toolbar:12.2.0.5 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..extensions.enabledItems: bntoolbar@easydategroup.com:1.0 FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166 FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7Bc05ac4d3-55b0-45da-9b33-b8c4fe7104a6%7D&mid=00468a79b3a247d199bfcd3c4eae4e84-e36b4e6ce5ddd8bacd0ecd55119ad7c9bacda37b&ds=AVG&v=12.2.0.5&lang=de&pr=pr&d=2012-06-16%2020%3A00%3A13&sap=ku&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Beo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.06.16 20:00:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.20 21:23:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ [2012.08.08 17:07:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.16 19:55:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.07 11:07:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.24 21:18:04 | 000,000,000 | ---D | M] [2011.02.28 11:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beo\AppData\Roaming\mozilla\Extensions [2012.08.11 00:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beo\AppData\Roaming\mozilla\Firefox\Profiles\jvgjn40j.default\extensions [2012.05.06 19:32:03 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Beo\AppData\Roaming\mozilla\Firefox\Profiles\jvgjn40j.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.05.14 10:08:39 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Beo\AppData\Roaming\mozilla\Firefox\Profiles\jvgjn40j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012.04.30 10:21:12 | 000,000,000 | ---D | M] ("BeNaughty toolbar") -- C:\Users\Beo\AppData\Roaming\mozilla\Firefox\Profiles\jvgjn40j.default\extensions\bntoolbar@easydategroup.com [2011.07.17 16:35:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Beo\AppData\Roaming\mozilla\Firefox\Profiles\jvgjn40j.default\extensions\ffxtlbr@babylon.com [2012.08.11 00:47:42 | 000,001,056 | ---- | M] () -- C:\Users\Beo\AppData\Roaming\Mozilla\Firefox\Profiles\jvgjn40j.default\searchplugins\icqplugin.xml [2012.04.03 19:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.26 17:34:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.04.03 19:30:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.06.16 19:55:32 | 000,000,000 | ---D | M] (AVG Do Not Track) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX\DONOTTRACK [2012.06.16 20:00:41 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG2012\FIREFOX4 [2011.11.20 21:23:33 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.04.26 17:34:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.04.03 19:30:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.08.08 17:07:17 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.0.5 [2012.04.03 19:29:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.08 17:06:45 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011.07.17 16:35:45 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=b04902fe000000000000929ffa32013a&tlver=1.4.19.19&affID=19437 CHR - Extension: No name found = C:\Users\Beo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\ CHR - Extension: No name found = C:\Users\Beo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: No name found = C:\Users\Beo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\ CHR - Extension: No name found = C:\Users\Beo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe () O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Programme\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe () O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKCU..\Run: [Facebook Update] C:\Users\Beo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [Spotify] C:\Users\Beo\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Beo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17BA6A19-E1D0-4992-B45B-A0D824ADDE98}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89492E37-9C0E-4D89-8DCA-CD4DE4AA6794}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll () O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{610708ea-b557-11e0-81b1-1c75084aa777}\Shell - "" = AutoRun O33 - MountPoints2\{610708ea-b557-11e0-81b1-1c75084aa777}\Shell\AutoRun\command - "" = E:\pushinst.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.09 22:24:15 | 000,000,000 | ---D | C] -- C:\Users\Beo\Desktop\51187-anleitung-malwarebytes-anti-malware-Dateien [2012.08.09 20:41:09 | 000,000,000 | ---D | C] -- C:\Users\Beo\AppData\Roaming\Malwarebytes [2012.08.09 20:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.09 20:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.09 20:40:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.09 20:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.09 20:13:14 | 000,000,000 | ---D | C] -- C:\Users\Beo\AppData\Roaming\Help [2012.08.09 20:09:05 | 000,000,000 | ---D | C] -- C:\Users\Beo\AppData\Roaming\TeamViewer [2012.08.08 17:07:08 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.07.28 19:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012.07.28 19:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.07.28 19:56:06 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2012.07.20 21:58:18 | 000,000,000 | ---D | C] -- C:\Users\Beo\AppData\Local\Spotify [2012.07.20 21:57:23 | 000,000,000 | ---D | C] -- C:\Users\Beo\AppData\Roaming\Spotify [2012.07.13 19:10:28 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.07.13 19:10:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.07.13 19:10:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.07.13 19:10:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.07.13 19:10:21 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.07.13 19:10:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.07.13 19:10:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.07.13 19:00:13 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.07.13 16:21:42 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdosys.dll [2012.07.13 16:21:35 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msxml3r.dll [2012.07.13 16:21:33 | 000,219,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.11 01:03:25 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2413335243-2312487736-1575850753-1000UA.job [2012.08.11 00:44:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.11 00:26:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.10 19:21:48 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.10 19:21:48 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.10 19:14:09 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys [2012.08.10 18:58:06 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2413335243-2312487736-1575850753-1000Core.job [2012.08.09 22:24:49 | 000,062,568 | ---- | M] () -- C:\Users\Beo\Desktop\51187-anleitung-malwarebytes-anti-malware.html [2012.08.09 20:40:58 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.09 20:26:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\ldsw_0paos.pad [2012.08.09 19:10:50 | 000,654,372 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.09 19:10:50 | 000,616,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.09 19:10:50 | 000,130,212 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.09 19:10:50 | 000,106,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.08 17:07:08 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.08.03 00:44:39 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.08.03 00:44:39 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.07.24 21:18:05 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.07.20 21:58:14 | 000,001,797 | ---- | M] () -- C:\Users\Beo\Desktop\Spotify.lnk [2012.07.17 11:37:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.07.16 22:49:23 | 000,029,852 | ---- | M] () -- C:\Users\Beo\Desktop\....m3u [2012.07.15 14:53:59 | 000,403,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.09 22:24:10 | 000,062,568 | ---- | C] () -- C:\Users\Beo\Desktop\51187-anleitung-malwarebytes-anti-malware.html [2012.08.09 20:40:58 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.09 20:16:42 | 004,503,728 | ---- | C] () -- C:\ProgramData\ldsw_0paos.pad [2012.07.20 21:58:14 | 000,001,797 | ---- | C] () -- C:\Users\Beo\Desktop\Spotify.lnk [2012.07.20 21:58:14 | 000,001,783 | ---- | C] () -- C:\Users\Beo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012.07.17 11:37:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.07.16 22:49:23 | 000,029,852 | ---- | C] () -- C:\Users\Beo\Desktop\....m3u [2011.12.17 18:56:52 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.12.17 18:56:52 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.10.02 14:09:25 | 000,000,260 | ---- | C] () -- C:\Windows\_delis32.ini [2011.09.01 20:51:49 | 000,000,182 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.07.23 20:21:15 | 000,015,573 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2011.04.12 14:29:35 | 000,004,608 | ---- | C] () -- C:\Users\Beo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.28 11:30:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.28 00:14:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.12.10 13:08:32 | 000,654,372 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.12.10 13:08:32 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.12.10 13:08:32 | 000,130,212 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.12.10 13:08:32 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.12.10 04:44:27 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.12.10 04:44:27 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [2010.12.10 04:44:27 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2010.12.10 04:44:27 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2010.09.17 09:19:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.09.17 09:18:36 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll [2010.09.17 09:10:33 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2010.09.17 09:10:32 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2010.09.17 09:10:32 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2010.09.17 09:10:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat [2010.09.17 09:10:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2010.09.17 09:10:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2010.09.17 09:10:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2010.09.17 09:10:32 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2010.09.17 09:10:32 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat ========== LOP Check ========== [2012.06.16 19:54:41 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\AVG2012 [2012.04.30 10:21:15 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\BeNaughtyChat [2011.08.26 21:59:45 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\DVDVideoSoft [2011.07.17 16:34:54 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.08 20:28:36 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Fighters [2012.08.05 20:34:10 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\ICQ [2011.06.11 22:33:30 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\OpenCandy [2012.05.06 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\PC Remote [2011.12.30 09:58:28 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\PhotoScape [2011.05.13 22:00:28 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Registry Mechanic [2012.01.08 20:52:14 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\SoftGrid Client [2012.08.10 20:59:28 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Spotify [2012.08.09 20:09:05 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\TeamViewer [2011.03.07 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\TP [2012.04.30 10:21:07 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\vcards [2012.08.10 18:58:06 | 000,001,108 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2413335243-2312487736-1575850753-1000Core.job [2012.08.11 01:03:25 | 000,001,130 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2413335243-2312487736-1575850753-1000UA.job [2012.08.06 16:45:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:93EB7685 @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:5D7E5A8F @Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:CDFF58FE @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:E1F04E8D @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E3C56885 @Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:4D066AD2 @Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:798A3728 @Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1 < End of report > |
|
11.08.2012, 16:03
| #4 |
| /// Helfer-Team | gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit BetriebssystemFixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
SRV - (PCSpeedUpService) -- C:\Program Files\PC Beschleunigen\PCSpeedUpService.exe File not found
SRV - (vToolbarUpdater12.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe ()
SRV - (AVG Security Toolbar Service) -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
DRV - (XDva386) -- C:\Windows\system32\XDva386.sys File not found
DRV - (XDva385) -- C:\Windows\system32\XDva385.sys File not found
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b04902fe000000000000929ffa32013a&tlver=1.4.19.19&affID=19437
IE - HKCU\..\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}: "URL" = http://search.alot.com/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={A341CF5A-2591-4733-9115-7A4D8FA3B749}&mid=00468a79b3a247d199bfcd3c4eae4e84-e36b4e6ce5ddd8bacd0ecd55119ad7c9bacda37b&lang=de&ds=AVG&pr=pr&d=2012-06-16 20:00:13&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163
FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: avg@toolbar:12.2.0.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: bntoolbar@easydategroup.com:1.0
FF - prefs.js..extensions.enabledItems: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166
FF - prefs.js..keyword.URL: "https://isearch.avg.com/search?cid=%7Bc05ac4d3-55b0-45da-9b33-b8c4fe7104a6%7D&mid=00468a79b3a247d199bfcd3c4eae4e84-e36b4e6ce5ddd8bacd0ecd55119ad7c9bacda37b&ds=AVG&v=12.2.0.5&lang=de&pr=pr&d=2012-06-16%2020%3A00%3A13&sap=ku&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ [2012.08.08 17:07:17 | 000,000,000 | ---D | M]
[2012.08.08 17:07:17 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.0.5
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{610708ea-b557-11e0-81b1-1c75084aa777}\Shell - "" = AutoRun
O33 - MountPoints2\{610708ea-b557-11e0-81b1-1c75084aa777}\Shell\AutoRun\command - "" = E:\pushinst.exe
[2012.07.28 19:59:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2012.08.09 20:26:41 | 004,503,728 | ---- | M] () -- C:\ProgramData\ldsw_0paos.pad
[2012.06.16 19:54:41 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\AVG2012
@Alternate Data Stream - 149 bytes -> C:\ProgramData\Temp:93EB7685
@Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:5D7E5A8F
@Alternate Data Stream - 143 bytes -> C:\ProgramData\Temp:CDFF58FE
@Alternate Data Stream - 135 bytes -> C:\ProgramData\Temp:E1F04E8D
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:E3C56885
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:4D066AD2
@Alternate Data Stream - 118 bytes -> C:\ProgramData\Temp:798A3728
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
[2012.08.11 01:03:25 | 000,001,130 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2413335243-2312487736-1575850753-1000UA.job
[2012.08.11 00:44:12 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.10 18:58:06 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2413335243-2312487736-1575850753-1000Core.job
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! |
|
12.08.2012, 14:11
| #5 |
| | gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit Betriebssystem All processes killed ========== OTL ========== Service PCSpeedUpService stopped successfully! Service PCSpeedUpService deleted successfully! File C:\Program Files\PC Beschleunigen\PCSpeedUpService.exe File not found not found. Service vToolbarUpdater12.2.0 stopped successfully! Service vToolbarUpdater12.2.0 deleted successfully! C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe moved successfully. Service AVG Security Toolbar Service stopped successfully! Service AVG Security Toolbar Service deleted successfully! C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe moved successfully. Service XDva386 stopped successfully! Service XDva386 deleted successfully! File C:\Windows\system32\XDva386.sys File not found not found. Service XDva385 stopped successfully! Service XDva385 deleted successfully! File C:\Windows\system32\XDva385.sys File not found not found. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully. Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AA2BA46-9913-4DC7-9620-69AB0FA17AE7}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully. HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully! Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename Prefs.js: "google.de" removed from browser.startup.homepage Prefs.js: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.2163 removed from extensions.enabledItems Prefs.js: ffxtlbr@babylon.com:1.1.3 removed from extensions.enabledItems Prefs.js: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216 removed from extensions.enabledItems Prefs.js: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145 removed from extensions.enabledItems Prefs.js: avg@toolbar:12.2.0.5 removed from extensions.enabledItems Prefs.js: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 removed from extensions.enabledItems Prefs.js: bntoolbar@easydategroup.com:1.0 removed from extensions.enabledItems Prefs.js: {F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166 removed from extensions.enabledItems Prefs.js: "https://isearch.avg.com/search?cid=%7Bc05ac4d3-55b0-45da-9b33-b8c4fe7104a6%7D&mid=00468a79b3a247d199bfcd3c4eae4e84-e36b4e6ce5ddd8bacd0ecd55119ad7c9bacda37b&ds=AVG&v=12.2.0.5&lang=de&pr=pr&d=2012-06-16%2020%3A00%3A13&sap=ku&q=" removed from keyword.URL Prefs.js: 0 removed from network.proxy.type File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ not found. C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.0.5\modules\skin folder moved successfully. C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.0.5\modules folder moved successfully. C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.0.5\locale\en-US folder moved successfully. C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.0.5\locale folder moved successfully. C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.0.5\components folder moved successfully. C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.0.5\chrome folder moved successfully. C:\PROGRAMDATA\AVG SECURE SEARCH\12.2.0.5 folder moved successfully. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}\ deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully. C:\Programme\DivX\DivX Update\DivXUpdate.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully. Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found. Starting removal of ActiveX control {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}\ not found. Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{610708ea-b557-11e0-81b1-1c75084aa777}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{610708ea-b557-11e0-81b1-1c75084aa777}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{610708ea-b557-11e0-81b1-1c75084aa777}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{610708ea-b557-11e0-81b1-1c75084aa777}\ not found. File E:\pushinst.exe not found. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight folder moved successfully. C:\Windows\System32\sho2B27.tmp deleted successfully. C:\Windows\System32\sho51BF.tmp deleted successfully. C:\ProgramData\ldsw_0paos.pad moved successfully. C:\Users\Beo\AppData\Roaming\AVG2012\cfgall folder moved successfully. C:\Users\Beo\AppData\Roaming\AVG2012 folder moved successfully. ADS C:\ProgramData\Temp:93EB7685 deleted successfully. ADS C:\ProgramData\Temp:5D7E5A8F deleted successfully. ADS C:\ProgramData\Temp:CDFF58FE deleted successfully. ADS C:\ProgramData\Temp:E1F04E8D deleted successfully. ADS C:\ProgramData\Temp:E3C56885 deleted successfully. ADS C:\ProgramData\Temp:4D066AD2 deleted successfully. ADS C:\ProgramData\Temp:798A3728 deleted successfully. ADS C:\ProgramData\Temp  1B5B4F1 deleted successfully.C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2413335243-2312487736-1575850753-1000UA.job moved successfully. C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully. C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2413335243-2312487736-1575850753-1000Core.job moved successfully. ========== FILES ========== < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\Beo\Downloads\cmd.bat deleted successfully. C:\Users\Beo\Downloads\cmd.txt deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator User: All Users User: Beo ->Temp folder emptied: 2034599403 bytes ->Temporary Internet Files folder emptied: 5079860 bytes ->Java cache emptied: 4682363 bytes ->FireFox cache emptied: 77290323 bytes ->Google Chrome cache emptied: 6418916 bytes ->Flash cache emptied: 48634 bytes User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56504 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 266059778 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 2.283,00 mb [EMPTYFLASH] User: Administrator User: All Users User: Beo ->Flash cache emptied: 0 bytes User: Default ->Flash cache emptied: 0 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public Total Flash Files Cleaned = 0,00 mb OTL by OldTimer - Version 3.2.57.0 log created on 08122012_133429 Files\Folders moved on Reboot... File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot. PendingFileRenameOperations files... [2012.08.12 13:41:18 | 000,000,000 | ---- | M] () C:\Windows\temp\dsiwmis.log : Unable to obtain MD5 Registry entries deleted on Reboot... |
|
12.08.2012, 21:27
| #6 |
| /// Helfer-Team | gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit Betriebssystem Unterlasse es staendig neue Themen zu eroeffnen!!!! 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ --> gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit Betriebssystem |
|
13.08.2012, 15:29
| #7 |
| | gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit Betriebssystem OTL Logfile: Code:
ATTFilter OTL logfile created on: 13.08.2012 13:47:22 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Beo\Downloads Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1013,09 Mb Total Physical Memory | 141,15 Mb Available Physical Memory | 13,93% Memory free 1,99 Gb Paging File | 0,87 Gb Available in Paging File | 43,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 215,79 Gb Total Space | 180,01 Gb Free Space | 83,42% Space Free | Partition Type: NTFS Drive D: | 4,00 Gb Total Space | 2,65 Gb Free Space | 66,38% Space Free | Partition Type: FAT32 Computer Name: BEO-PC | User Name: Beo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Beo\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\AVG Secure Search\vprot.exe () PRC - C:\Users\Beo\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) PRC - C:\Users\Beo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () PRC - C:\Users\Beo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Programme\Winamp\winampa.exe (Nullsoft, Inc.) PRC - C:\Programme\Zune\ZuneLauncher.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) PRC - C:\Programme\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Programme\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) PRC - C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Programme\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) PRC - C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Modules (No Company Name) ========== MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\SiteSafety.dll () MOD - C:\Programme\AVG Secure Search\vprot.exe () MOD - C:\Users\Beo\AppData\Roaming\Spotify\Data\libcef.dll () MOD - C:\Users\Beo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\06269663e6482bc4ceeb48c2a7d1ad34\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Programme\Mozilla Firefox\js3250.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Programme\Acer\Android Manager\DEU.dll () MOD - C:\Windows\PLFSetI.exe () MOD - C:\Programme\Launch Manager\CdDirIo.dll () ========== Win32 Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgfws) -- C:\Programme\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (ZuneWlanCfgSvc) -- C:\Programme\Zune\ZuneWlanCfgSvc.exe (Microsoft Corporation) SRV - (WMZuneComm) -- C:\Programme\Zune\WMZuneComm.exe (Microsoft Corporation) SRV - (ZuneNetworkSvc) -- C:\Programme\Zune\ZuneNss.exe (Microsoft Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (DsiWMIService) -- C:\Programme\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (NOBU) -- C:\Program Files\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (MWLService) -- C:\Programme\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.) SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated) SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Group) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (GREGService) -- C:\Programme\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin) ========== Driver Services (SafeList) ========== DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (EUCR) -- C:\Windows\System32\drivers\EUCR6SK.sys (ENE Technology Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Technology Inc.) DRV - (fwlanusbn) -- C:\Windows\System32\drivers\fwlanusbn.sys (AVM GmbH) DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=b04902fe000000000000929ffa32013a&tlver=1.4.19.19&affID=19437 IE - HKLM\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\..\URLSearchHook: - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2413335243-2312487736-1575850753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-2413335243-2312487736-1575850753-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=b04902fe000000000000929ffa32013a&tlver=1.4.19.19&affID=19437 IE - HKU\S-1-5-21-2413335243-2312487736-1575850753-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2413335243-2312487736-1575850753-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Beo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.06.16 20:00:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.20 21:23:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012.06.16 19:55:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.07 11:07:16 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.24 21:18:04 | 000,000,000 | ---D | M] [2011.02.28 11:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beo\AppData\Roaming\mozilla\Extensions [2012.08.12 14:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Beo\AppData\Roaming\mozilla\Firefox\Profiles\jvgjn40j.default\extensions [2012.08.11 14:32:22 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Beo\AppData\Roaming\mozilla\Firefox\Profiles\jvgjn40j.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2011.05.14 10:08:39 | 000,000,000 | ---D | M] (IMinent Toolbar) -- C:\Users\Beo\AppData\Roaming\mozilla\Firefox\Profiles\jvgjn40j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012.04.30 10:21:12 | 000,000,000 | ---D | M] ("BeNaughty toolbar") -- C:\Users\Beo\AppData\Roaming\mozilla\Firefox\Profiles\jvgjn40j.default\extensions\bntoolbar@easydategroup.com [2011.07.17 16:35:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Beo\AppData\Roaming\mozilla\Firefox\Profiles\jvgjn40j.default\extensions\ffxtlbr@babylon.com [2012.08.11 00:47:42 | 000,001,056 | ---- | M] () -- C:\Users\Beo\AppData\Roaming\Mozilla\Firefox\Profiles\jvgjn40j.default\searchplugins\icqplugin.xml [2012.04.03 19:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.04.26 17:34:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.04.03 19:30:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} [2012.04.03 19:29:32 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010.12.03 20:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.08 17:06:45 | 000,003,768 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml [2011.07.17 16:35:45 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml [2010.12.03 20:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2010.12.03 20:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2010.12.03 20:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2010.12.03 20:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://search.babylon.com/?babsrc=HP_ss&mntrId=b04902fe000000000000929ffa32013a&tlver=1.4.19.19&affID=19437 CHR - Extension: No name found = C:\Users\Beo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.137.7_0\ CHR - Extension: No name found = C:\Users\Beo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\ CHR - Extension: No name found = C:\Users\Beo\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1374_0\ CHR - Extension: No name found = C:\Users\Beo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found. O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4 - HKLM..\Run: [AndroidManager] C:\Programme\Acer\Android Manager\AML.exe () O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [iPatchData] C:\Programme\Acer\Updater\iUpdate.exe (Insyde Software Corp.) O4 - HKLM..\Run: [iSyncData] C:\Programme\Acer\Android Manager\iSync.exe (Insyde Software Corp.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Programme\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe () O4 - HKLM..\Run: [SuiteTray] C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe () O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.) O4 - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2413335243-2312487736-1575850753-1000..\Run: [Facebook Update] C:\Users\Beo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) O4 - HKU\S-1-5-21-2413335243-2312487736-1575850753-1000..\Run: [ICQ] C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.) O4 - HKU\S-1-5-21-2413335243-2312487736-1575850753-1000..\Run: [Spotify] C:\Users\Beo\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) O4 - HKU\S-1-5-21-2413335243-2312487736-1575850753-1000..\Run: [Spotify Web Helper] C:\Users\Beo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{17BA6A19-E1D0-4992-B45B-A0D824ADDE98}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{89492E37-9C0E-4D89-8DCA-CD4DE4AA6794}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll () O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: McMPFSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.08.12 15:22:00 | 000,000,000 | ---D | C] -- C:\Users\Beo\Desktop\Trojaner-Board-Dateien [2012.08.12 14:31:20 | 000,000,000 | ---D | C] -- C:\Users\Beo\AppData\Roaming\AVG2012 [2012.08.12 13:34:30 | 000,000,000 | ---D | C] -- C:\_OTL [2012.08.09 20:41:09 | 000,000,000 | ---D | C] -- C:\Users\Beo\AppData\Roaming\Malwarebytes [2012.08.09 20:40:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.09 20:40:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.09 20:40:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.08.09 20:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.08.09 20:13:14 | 000,000,000 | ---D | C] -- C:\Users\Beo\AppData\Roaming\Help [2012.08.09 20:09:05 | 000,000,000 | ---D | C] -- C:\Users\Beo\AppData\Roaming\TeamViewer [2012.08.08 17:07:08 | 000,027,496 | ---- | C] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.07.28 19:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012.07.20 21:58:18 | 000,000,000 | ---D | C] -- C:\Users\Beo\AppData\Local\Spotify [2012.07.20 21:57:23 | 000,000,000 | ---D | C] -- C:\Users\Beo\AppData\Roaming\Spotify ========== Files - Modified Within 30 Days ========== [2012.08.13 15:11:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.13 13:43:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.13 13:43:38 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.13 13:36:00 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys [2012.08.12 15:22:04 | 000,055,944 | ---- | M] () -- C:\Users\Beo\Desktop\Trojaner-Board.htm [2012.08.09 20:40:58 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.09 19:10:50 | 000,654,372 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.08.09 19:10:50 | 000,616,214 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.08.09 19:10:50 | 000,130,212 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.08.09 19:10:50 | 000,106,594 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.08.08 17:07:08 | 000,027,496 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys [2012.07.24 21:18:05 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.07.20 21:58:14 | 000,001,797 | ---- | M] () -- C:\Users\Beo\Desktop\Spotify.lnk [2012.07.17 11:37:48 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.07.16 22:49:23 | 000,029,852 | ---- | M] () -- C:\Users\Beo\Desktop\....m3u [2012.07.15 14:53:59 | 000,403,680 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT ========== Files Created - No Company Name ========== [2012.08.12 15:22:00 | 000,055,944 | ---- | C] () -- C:\Users\Beo\Desktop\Trojaner-Board.htm [2012.08.09 20:40:58 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.20 21:58:14 | 000,001,797 | ---- | C] () -- C:\Users\Beo\Desktop\Spotify.lnk [2012.07.20 21:58:14 | 000,001,783 | ---- | C] () -- C:\Users\Beo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk [2012.07.17 11:37:48 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2012.07.16 22:49:23 | 000,029,852 | ---- | C] () -- C:\Users\Beo\Desktop\....m3u [2011.12.17 18:56:52 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2011.12.17 18:56:52 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2011.10.02 14:09:25 | 000,000,260 | ---- | C] () -- C:\Windows\_delis32.ini [2011.09.01 20:51:49 | 000,000,182 | ---- | C] () -- C:\Windows\SIERRA.INI [2011.07.23 20:21:15 | 000,015,573 | ---- | C] () -- C:\Windows\System32\drivers\fwlanusbn.bin [2011.04.12 14:29:35 | 000,004,608 | ---- | C] () -- C:\Users\Beo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.02.28 11:30:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2011.02.28 00:14:32 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2010.12.10 13:08:32 | 000,654,372 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2010.12.10 13:08:32 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2010.12.10 13:08:32 | 000,130,212 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2010.12.10 13:08:32 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2010.12.10 04:44:27 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2010.12.10 04:44:27 | 000,051,712 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [2010.12.10 04:44:27 | 000,000,637 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2010.12.10 04:44:27 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2010.09.17 09:19:26 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.09.17 09:18:36 | 000,361,808 | ---- | C] () -- C:\Windows\EMCRI_E.dll [2010.09.17 09:10:33 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT [2010.09.17 09:10:32 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat [2010.09.17 09:10:32 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2010.09.17 09:10:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat [2010.09.17 09:10:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2010.09.17 09:10:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2010.09.17 09:10:32 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2010.09.17 09:10:32 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat [2010.09.17 09:10:32 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat ========== LOP Check ========== [2012.08.12 14:31:20 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\AVG2012 [2012.04.30 10:21:15 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\BeNaughtyChat [2011.08.26 21:59:45 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\DVDVideoSoft [2011.07.17 16:34:54 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.08 20:28:36 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Fighters [2012.08.12 13:22:54 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\ICQ [2011.06.11 22:33:30 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\OpenCandy [2012.05.06 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\PC Remote [2011.12.30 09:58:28 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\PhotoScape [2011.05.13 22:00:28 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Registry Mechanic [2012.01.08 20:52:14 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\SoftGrid Client [2012.08.13 13:42:30 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Spotify [2012.08.09 20:09:05 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\TeamViewer [2011.03.07 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\TP [2012.04.30 10:21:07 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\vcards [2012.08.06 16:45:20 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.08.27 15:28:16 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Adobe [2012.08.12 14:31:20 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\AVG2012 [2012.04.30 10:21:15 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\BeNaughtyChat [2011.12.17 19:04:35 | 000,000,000 | R--D | M] -- C:\Users\Beo\AppData\Roaming\Brother [2011.03.10 20:37:26 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\DivX [2011.08.26 21:59:45 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\DVDVideoSoft [2011.07.17 16:34:54 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\DVDVideoSoftIEHelpers [2011.10.08 20:28:36 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Fighters [2012.08.09 20:13:14 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Help [2012.08.12 13:22:54 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\ICQ [2012.08.10 18:36:57 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Identities [2011.02.27 20:48:41 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Intel Corporation [2011.02.27 20:48:50 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Macromedia [2012.08.09 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Malwarebytes [2012.08.09 20:09:05 | 000,000,000 | --SD | M] -- C:\Users\Beo\AppData\Roaming\Microsoft [2011.02.28 11:30:42 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Mozilla [2011.06.11 22:33:30 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\OpenCandy [2012.05.06 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\PC Remote [2011.12.30 09:58:28 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\PhotoScape [2011.05.13 22:00:28 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Registry Mechanic [2012.08.09 19:12:23 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Skype [2012.01.08 20:52:14 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\SoftGrid Client [2012.08.13 13:42:30 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Spotify [2012.08.09 20:09:05 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\TeamViewer [2011.03.07 22:09:54 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\TP [2012.04.30 10:21:07 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\vcards [2012.08.10 17:44:00 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\vlc [2012.08.06 17:27:58 | 000,000,000 | ---D | M] -- C:\Users\Beo\AppData\Roaming\Winamp < %APPDATA%\*.exe /s > [2010.03.05 17:49:50 | 000,197,632 | ---- | M] () -- C:\Users\Beo\AppData\Roaming\Mozilla\Firefox\Profiles\jvgjn40j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\TbHelper2.exe [2010.03.12 18:45:00 | 000,042,496 | ---- | M] () -- C:\Users\Beo\AppData\Roaming\Mozilla\Firefox\Profiles\jvgjn40j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\uninstall.exe [2010.03.12 18:45:00 | 000,056,832 | ---- | M] () -- C:\Users\Beo\AppData\Roaming\Mozilla\Firefox\Profiles\jvgjn40j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\chrome\content\id_imbooster4web_v6\update.exe [2010.03.19 13:04:44 | 000,152,664 | ---- | M] () -- C:\Users\Beo\AppData\Roaming\Mozilla\Firefox\Profiles\jvgjn40j.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components\setup_widget_serv.exe [2010.12.17 19:48:42 | 001,712,400 | ---- | M] (Speedchecker Limited ) -- C:\Users\Beo\AppData\Roaming\OpenCandy\OpenCandy_6A727DB56A5542319FC783C20C2074E4\PCBeschleunigen.exe [2010.12.17 21:41:58 | 000,043,432 | ---- | M] () -- C:\Users\Beo\AppData\Roaming\OpenCandy\OpenCandy_6A727DB56A5542319FC783C20C2074E4\SpeedstarterDE.exe [2012.07.20 21:58:11 | 007,601,880 | ---- | M] (Spotify Ltd) -- C:\Users\Beo\AppData\Roaming\Spotify\spotify.exe [2012.07.20 21:58:11 | 000,114,904 | ---- | M] () -- C:\Users\Beo\AppData\Roaming\Spotify\SpotifyLauncher.exe [2012.07.20 21:58:10 | 001,193,176 | ---- | M] () -- C:\Users\Beo\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2010.06.08 19:23:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=D80AA0907748D7CC8EFAB3773F32629B -- C:\Windows\System32\drivers\iaStor.sys [2010.06.08 19:23:34 | 000,435,736 | ---- | M] (Intel Corporation) MD5=D80AA0907748D7CC8EFAB3773F32629B -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_20f8d1b2e876a71d\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.07.14 13:01:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2010.07.14 13:01:28 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
13.08.2012, 22:58
| #8 |
| /// Helfer-Team | gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit Betriebssystem |
|
27.09.2012, 19:37
| #9 |
| /// Helfer-Team | gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit Betriebssystem Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
|
| Themen zu gvu win7 Intel (R) Atom (TM) CPU N 450 @ 1.66 GHz 167GHz 32Bit Betriebssystem |
| .com, administrator, adobe, adobe flash player, anti-malware, appdata, autorun, autostart, avg, betriebssystem, bho, cdrom, cid, cpu, dateien, defender, desktop, error, excel, explorer, firefox, flash player, format, gelöscht, gen, google, gvu win7, helper, homepage, intel, internet, internet explorer, logfile, malwarebytes, microsoft, mozilla, nvidia, programm, programme, quarantäne, realtek, registry, roaming, rundll, scan, secure, security, senden, server, service, setup, software, speicher, startup, stick, svchost.exe, symantec, system, system32, temp, test, trojan.fakealert, trojan.inject, usb, version, win, win7, windows, winlogon, winlogon.exe |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
