| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Lange ladezeit bei firefox, opera & ieWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.11.2012, 09:38
| #1 |
| |  Lange ladezeit bei firefox, opera & ie HALLO ZUSAMMEN, SEITE EINIGEN WOCHEN MUSS ICH FESTSTELLEN, DASS SO ETWA ALLE 14TAGE MEIN lAPTOP MEINT EXTREM LANGE BRAUCHT UM EINE INTERNETSEITE AUFZUBAUEN. EGAL OB ICH MIT FIREFOX,OPERA ODER IE ES VERSUCHE, ES KLAPPT EINFACH GAR NICHT ODER ERST NACH GUT 30MIN. ICH GEHE MITTELS EINEM WEB-STICK VON ALDI, SOWIE DER ALDI-TALK KARTE INS NETZ. EIGENTLICH HAT ES BISLANG FÜR MEINE ZWECKE ABSOLUT GEREICHT, NUR DASS DAS PROBLEM SEIT SEPTEMBER DA IST UND ES SICH ALLE 14TAGE WIEDERHOLT. ZEITWEISE FUNKTIONIERT ALLES EINWANDFREI UND DANN WIEDERUM NICHT. ICH HABE ZWAR CCLEANER, MALWAREBYTES, AVG 2013, ASHAMPO WIN OPTIMIZER ABER TROTZDEM KOMMT ES ZU EXTREMEN LADEZEITEN. MEINE LAPTOP DATEN Betriebssystemname Microsoft Windows XP Professional Version 5.1.2600 Service Pack 2 Build 2600 Betriebssystemhersteller Microsoft Corporation Systemname HOME-PC Systemhersteller Dell Computer Corporation Systemmodell Latitude D800 Systemtyp X86-basierter PC Prozessor x86 Family 6 Model 9 Stepping 5 GenuineIntel ~1598 Mhz BIOS-Version/-Datum Dell Computer Corporation A05, 30.09.2003 SMBIOS-Version 2.3 Windows-Verzeichnis C:\WINDOWS Systemverzeichnis C:\WINDOWS\system32 Startgerät \Device\HarddiskVolume1 Gebietsschema Deutschland Hardwareabstraktionsebene Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)" Benutzername HOME-PC\Administrator Zeitzone Westeuropäische Normalzeit Gesamter realer Speicher 512,00 MB Verfügbarer realer Speicher 139,26 MB Gesamter virtueller Speicher 2,00 GB Verfügbarer virtueller Speicher 1,96 GB Größe der Auslagerungsdatei 1,81 GB Auslagerungsdatei C:\pagefile.sys ANBEI FOLGENDE AUSWERTUNG: VON OTL: DIE OTL.TXTOTL Logfile: Code:
ATTFilter OTL logfile created on: 13.11.2012 05:35:07 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 511,23 Mb Total Physical Memory | 177,65 Mb Available Physical Memory | 34,75% Memory free 1,81 Gb Paging File | 1,22 Gb Available in Paging File | 67,46% Paging File free Paging file location(s): C:\pagefile.sys 768 1536 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 39,06 Gb Total Space | 11,54 Gb Free Space | 29,54% Space Free | Partition Type: NTFS Drive D: | 50,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 35,47 Gb Total Space | 19,08 Gb Free Space | 53,79% Space Free | Partition Type: NTFS Drive F: | 17,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Opera\opera.exe (Opera Software) PRC - C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe () PRC - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () PRC - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () PRC - C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) PRC - C:\WINDOWS\system32\UAService7.exe () PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) PRC - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Opera\gstreamer\plugins\gstautodetect.dll () MOD - C:\Programme\Opera\gstreamer\plugins\gstwebmdec.dll () MOD - C:\Programme\Opera\gstreamer\plugins\gstwaveform.dll () MOD - C:\Programme\Opera\gstreamer\plugins\gstoggdec.dll () MOD - C:\Programme\Opera\gstreamer\plugins\gstwavparse.dll () MOD - C:\Programme\Opera\gstreamer\plugins\gstffmpegcolorspace.dll () MOD - C:\Programme\Opera\gstreamer\plugins\gstdirectsound.dll () MOD - C:\Programme\Opera\gstreamer\plugins\gstcoreplugins.dll () MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioresample.dll () MOD - C:\Programme\Opera\gstreamer\plugins\gstdecodebin2.dll () MOD - C:\Programme\Opera\gstreamer\gstreamer.dll () MOD - C:\Programme\Opera\gstreamer\plugins\gstaudioconvert.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\WTGXMLUtil.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\WTGSMSPCClient.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\WtgWiFi.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\WtgUtil.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\WtgCore.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\LiveBoxCM.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\WtgDetection.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\WtgBluetooth.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\WtgDatabase.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\WtgPorts.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\WtgDialup.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\WtgDriverInstall.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent.exe () MOD - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () MOD - C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\WINDOWS\system32\UAService7.exe () MOD - C:\Programme\ALDITALKVerbindungsassistent\NDISAPI.dll () MOD - C:\Programme\ALDITALKVerbindungsassistent\libeay32.dll () MOD - C:\WINDOWS\system32\msdmo.dll () MOD - C:\WINDOWS\system32\pdfcmnnt.dll () ========== Services (SafeList) ========== SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (ALDITALKVerbindungsassistent_Service) -- C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Service.exe () SRV - (avgwd) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation) SRV - (UserAccess7) -- C:\WINDOWS\system32\UAService7.exe () SRV - (DfSdkS) -- C:\Programme\Ashampoo\Ashampoo WinOptimizer 2012\DfSdkS.exe (mst software GmbH, Germany) ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found DRV - (WDICA) -- File not found DRV - (PDRFRAME) -- File not found DRV - (PDRELI) -- File not found DRV - (PDFRAME) -- File not found DRV - (PDCOMP) -- File not found DRV - (PCIDump) -- File not found DRV - (NPF) -- system32\drivers\NPF.sys File not found DRV - (massfilter) -- system32\drivers\massfilter.sys File not found DRV - (lbrtfdc) -- File not found DRV - (i2omgmt) -- File not found DRV - (Changer) -- File not found DRV - (atksgt) -- C:\WINDOWS\system32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\WINDOWS\system32\drivers\lirsgt.sys () DRV - (ew_hwusbdev) -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (ewusbnet) -- C:\WINDOWS\system32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\WINDOWS\system32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (AVGIDSDriver) -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. ) DRV - (AVGIDSHX) -- C:\WINDOWS\system32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgmfx86) -- C:\WINDOWS\system32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgldx86) -- C:\WINDOWS\system32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.) DRV - (Avgtdix) -- C:\WINDOWS\system32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.) DRV - (Avglogx) -- C:\WINDOWS\system32\drivers\avglogx.sys (AVG Technologies CZ, s.r.o.) DRV - (AVGIDSShim) -- C:\WINDOWS\system32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. ) DRV - (Avgrkx86) -- C:\WINDOWS\system32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.) DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH) DRV - (SSHDRV61) -- C:\WINDOWS\system32\drivers\SSHDRV61.sys () DRV - (FsUsbExDisk) -- C:\WINDOWS\system32\FsUsbExDisk.Sys () DRV - (Ndisprot) -- C:\WINDOWS\system32\drivers\Ndisprot.sys (Windows (R) 2000 DDK provider) DRV - (w29n51) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation) DRV - (s1018mdm) -- C:\WINDOWS\system32\drivers\s1018mdm.sys (MCCI Corporation) DRV - (s1018unic) -- C:\WINDOWS\system32\drivers\s1018unic.sys (MCCI Corporation) DRV - (s1018mgmt) -- C:\WINDOWS\system32\drivers\s1018mgmt.sys (MCCI Corporation) DRV - (s1018obex) -- C:\WINDOWS\system32\drivers\s1018obex.sys (MCCI Corporation) DRV - (s1018bus) -- C:\WINDOWS\system32\drivers\s1018bus.sys (MCCI Corporation) DRV - (s1018nd5) -- C:\WINDOWS\system32\drivers\s1018nd5.sys (MCCI Corporation) DRV - (s1018mdfl) -- C:\WINDOWS\system32\drivers\s1018mdfl.sys (MCCI Corporation) DRV - (acedrv11) -- C:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (STAC97) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.) DRV - (w70n51) -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation) DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys () DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation) DRV - (NwlnkIpx) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys (Microsoft Corporation) DRV - (NwlnkNb) -- C:\WINDOWS\system32\drivers\nwlnknb.sys (Microsoft Corporation) DRV - (NwlnkSpx) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys (Microsoft Corporation) DRV - (RT73) -- C:\WINDOWS\system32\drivers\rt73.sys (Ralink Technology, Corp.) DRV - (MODLOAD2) -- C:\WINDOWS\system32\drivers\modload2.sys (DiBcom S.A) DRV - (MODBDA2) -- C:\WINDOWS\system32\drivers\modbda2.sys (DiBcom SA) DRV - (HSF_DPV) -- C:\WINDOWS\system32\drivers\HSF_DPV.SYS (Conexant Systems, Inc.) DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.) DRV - (MPE) -- C:\WINDOWS\system32\drivers\MPE.sys (Microsoft Corporation) DRV - (tiumfwl) -- C:\WINDOWS\system32\drivers\tiumfwl.sys (Texas Instruments Inc.) DRV - (DevUpper) -- C:\WINDOWS\system32\drivers\tiumflt.sys (Texas Instruments Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com/?fr=mkg029 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/?fr=mkg029 IE - HKLM\..\SearchScopes,DefaultScope = {16AEF313-61D8-4D21-9EC7-EECF48CAF1A2} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{16AEF313-61D8-4D21-9EC7-EECF48CAF1A2}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie8hp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://runonce.msn.com/ [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{16AEF313-61D8-4D21-9EC7-EECF48CAF1A2}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_deDE458 IE - HKCU\..\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}: "URL" = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - prefs.js..extensions.enabledAddons: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.15 FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.3 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: File not found FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.3.37: C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.3.37: C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.3.37: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.3.37: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.3.37: C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.04.28 10:35:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.10.27 12:47:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.05.28 08:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions [2012.05.28 08:23:55 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions\songbird@songbirdnest.com [2012.11.13 02:13:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\w8wt9ogc.default-1351039392868\extensions [2012.11.09 12:33:08 | 000,000,000 | ---D | M] (Flagfox) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\w8wt9ogc.default-1351039392868\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b} [2012.10.24 02:06:40 | 000,199,396 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\w8wt9ogc.default-1351039392868\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2012.10.24 02:05:21 | 000,741,958 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\w8wt9ogc.default-1351039392868\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.10.24 02:19:06 | 000,138,614 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\w8wt9ogc.default-1351039392868\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.10.24 02:19:06 | 000,698,867 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\w8wt9ogc.default-1351039392868\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2012.10.27 12:46:14 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.10.27 12:47:02 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2012.06.01 17:33:00 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 01:26:35 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.06.01 17:33:00 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.06.01 17:33:00 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.08 15:36:17 | 000,002,519 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\Search_Results.xml [2012.06.01 17:33:00 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.01 17:33:00 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.06.01 20:06:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found. O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Programme\Yontoo\YontooIEClient.dll (Yontoo LLC) O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Programme\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll () O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG_UI] C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DATAMNGR] C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc) O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe (NVIDIA Corporation) O4 - HKLM..\Run: [ROC_ROC_NT] "C:\Programme\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT File not found O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Programme\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [ISUSPM] C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk = C:\Programme\ALDITALKVerbindungsassistent\ALDITALKVerbindungsassistent_Launcher.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B192E59-967D-48D5-94BA-A3B5A39AB269}: NameServer = 212.23.115.148 212.23.97.2 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\WINDOW~4\Datamngr\datamngr.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc) O20 - AppInit_DLLs: (C:\PROGRA~1\WINDOW~4\Datamngr\IEBHO.dll) - C:\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 () - hxxp://i.ebayimg.com/t/FESTINA-UHR-/00/s/MTAwMFgxMDAw/$T2eC16RHJHQE9nzEzNe%21BQRe29LvRg%7E%7E60_12.JPG O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.03.18 19:57:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2009.03.07 00:28:30 | 000,000,169 | RH-- | M] () - D:\Autorun.ini -- [ CDFS ] O32 - AutoRun File - [2007.12.06 03:50:28 | 000,038,600 | RH-- | M] () - D:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2009.03.05 19:44:02 | 000,000,099 | RH-- | M] () - D:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2011.09.14 09:28:50 | 000,000,095 | R--- | M] () - F:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{023f1a71-fe82-11e1-89da-c58f55a9c62b}\Shell - "" = AutoRun O33 - MountPoints2\{023f1a71-fe82-11e1-89da-c58f55a9c62b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{023f1a71-fe82-11e1-89da-c58f55a9c62b}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{02c5a684-088b-11e2-89e3-fccc240c37a8}\Shell - "" = AutoRun O33 - MountPoints2\{02c5a684-088b-11e2-89e3-fccc240c37a8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{02c5a684-088b-11e2-89e3-fccc240c37a8}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{0385cce0-1286-11e2-89ea-cd4757a6ae97}\Shell - "" = AutoRun O33 - MountPoints2\{0385cce0-1286-11e2-89ea-cd4757a6ae97}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{0385cce0-1286-11e2-89ea-cd4757a6ae97}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{1804f944-b36d-11e1-89b1-8da6c88d33f9}\Shell - "" = AutoRun O33 - MountPoints2\{1804f944-b36d-11e1-89b1-8da6c88d33f9}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1804f944-b36d-11e1-89b1-8da6c88d33f9}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{1c58c1d0-ab3e-11e1-89ad-001e101f731c}\Shell - "" = AutoRun O33 - MountPoints2\{1c58c1d0-ab3e-11e1-89ad-001e101f731c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1c58c1d0-ab3e-11e1-89ad-001e101f731c}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{1c58c33e-ab3e-11e1-89ad-fc7e4ff4c94a}\Shell - "" = AutoRun O33 - MountPoints2\{1c58c33e-ab3e-11e1-89ad-fc7e4ff4c94a}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{1c58c33e-ab3e-11e1-89ad-fc7e4ff4c94a}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{22baf617-d51a-11e1-89c5-cd1ed1274cc8}\Shell - "" = AutoRun O33 - MountPoints2\{22baf617-d51a-11e1-89c5-cd1ed1274cc8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{22baf617-d51a-11e1-89c5-cd1ed1274cc8}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{261b035c-0f0f-11e2-89e7-8de454178a2c}\Shell - "" = AutoRun O33 - MountPoints2\{261b035c-0f0f-11e2-89e7-8de454178a2c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{261b035c-0f0f-11e2-89e7-8de454178a2c}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{2ca017c2-c9ca-11e1-89bd-e0ed8d8ed45b}\Shell - "" = AutoRun O33 - MountPoints2\{2ca017c2-c9ca-11e1-89bd-e0ed8d8ed45b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2ca017c2-c9ca-11e1-89bd-e0ed8d8ed45b}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{2ce5a890-0bc0-11e2-89e4-dbf1c443b2f4}\Shell - "" = AutoRun O33 - MountPoints2\{2ce5a890-0bc0-11e2-89e4-dbf1c443b2f4}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2ce5a890-0bc0-11e2-89e4-dbf1c443b2f4}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{2ce5a897-0bc0-11e2-89e4-953a1a350278}\Shell - "" = AutoRun O33 - MountPoints2\{2ce5a897-0bc0-11e2-89e4-953a1a350278}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2ce5a897-0bc0-11e2-89e4-953a1a350278}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{2e4d1660-b409-11e1-89b2-a4cccfa4c654}\Shell - "" = AutoRun O33 - MountPoints2\{2e4d1660-b409-11e1-89b2-a4cccfa4c654}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2e4d1660-b409-11e1-89b2-a4cccfa4c654}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{4576e8c1-32be-11df-87fb-806d6172696f}\Shell - "" = AutoRun O33 - MountPoints2\{4576e8c1-32be-11df-87fb-806d6172696f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{4576e8c1-32be-11df-87fb-806d6172696f}\Shell\AutoRun\command - "" = D:\MegaplexMadness.exe -- [2009.03.23 19:51:51 | 001,662,336 | R--- | M] () O33 - MountPoints2\{45dd2e90-90d5-11e1-898e-996f5e3a62ed}\Shell - "" = AutoRun O33 - MountPoints2\{45dd2e90-90d5-11e1-898e-996f5e3a62ed}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{45dd2e90-90d5-11e1-898e-996f5e3a62ed}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{45dd2e92-90d5-11e1-898e-a2b5f5260fa8}\Shell - "" = AutoRun O33 - MountPoints2\{45dd2e92-90d5-11e1-898e-a2b5f5260fa8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{45dd2e92-90d5-11e1-898e-a2b5f5260fa8}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{5a7265f0-8f06-11e1-8989-000d56b1399d}\Shell - "" = AutoRun O33 - MountPoints2\{5a7265f0-8f06-11e1-8989-000d56b1399d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5a7265f0-8f06-11e1-8989-000d56b1399d}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{5a7265f5-8f06-11e1-8989-000d56b1399d}\Shell - "" = AutoRun O33 - MountPoints2\{5a7265f5-8f06-11e1-8989-000d56b1399d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5a7265f5-8f06-11e1-8989-000d56b1399d}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{5a7265f9-8f06-11e1-8989-000d56b1399d}\Shell - "" = AutoRun O33 - MountPoints2\{5a7265f9-8f06-11e1-8989-000d56b1399d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5a7265f9-8f06-11e1-8989-000d56b1399d}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{5a726600-8f06-11e1-8989-a88765b25161}\Shell - "" = AutoRun O33 - MountPoints2\{5a726600-8f06-11e1-8989-a88765b25161}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5a726600-8f06-11e1-8989-a88765b25161}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{5a726602-8f06-11e1-8989-e40c97d6e892}\Shell - "" = AutoRun O33 - MountPoints2\{5a726602-8f06-11e1-8989-e40c97d6e892}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5a726602-8f06-11e1-8989-e40c97d6e892}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{5a726606-8f06-11e1-8989-92463c376907}\Shell - "" = AutoRun O33 - MountPoints2\{5a726606-8f06-11e1-8989-92463c376907}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5a726606-8f06-11e1-8989-92463c376907}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{5a726608-8f06-11e1-8989-ae7e3ecaa384}\Shell - "" = AutoRun O33 - MountPoints2\{5a726608-8f06-11e1-8989-ae7e3ecaa384}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{5a726608-8f06-11e1-8989-ae7e3ecaa384}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{692c44c1-bea2-11e1-89b8-f2a5d8a65d2c}\Shell - "" = AutoRun O33 - MountPoints2\{692c44c1-bea2-11e1-89b8-f2a5d8a65d2c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{692c44c1-bea2-11e1-89b8-f2a5d8a65d2c}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{6c66022c-ca7d-11e1-89c0-92fc3769d183}\Shell - "" = AutoRun O33 - MountPoints2\{6c66022c-ca7d-11e1-89c0-92fc3769d183}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{6c66022c-ca7d-11e1-89c0-92fc3769d183}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{6c660314-ca7d-11e1-89c0-bc47e1eab76c}\Shell - "" = AutoRun O33 - MountPoints2\{6c660314-ca7d-11e1-89c0-bc47e1eab76c}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{6c660314-ca7d-11e1-89c0-bc47e1eab76c}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{6f197539-f2f6-11e1-89d2-e4d233dbef72}\Shell - "" = AutoRun O33 - MountPoints2\{6f197539-f2f6-11e1-89d2-e4d233dbef72}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{6f197539-f2f6-11e1-89d2-e4d233dbef72}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{71a81c60-b737-11e1-89b4-b7cf490e3378}\Shell - "" = AutoRun O33 - MountPoints2\{71a81c60-b737-11e1-89b4-b7cf490e3378}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{71a81c60-b737-11e1-89b4-b7cf490e3378}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{755ab820-cab6-11e0-88cc-000d56b1399d}\Shell - "" = AutoRun O33 - MountPoints2\{755ab820-cab6-11e0-88cc-000d56b1399d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{755ab820-cab6-11e0-88cc-000d56b1399d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{755ab821-cab6-11e0-88cc-000d56b1399d}\Shell - "" = AutoRun O33 - MountPoints2\{755ab821-cab6-11e0-88cc-000d56b1399d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{755ab821-cab6-11e0-88cc-000d56b1399d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{833890e0-90d2-11e1-898d-f3ef560cc5ac}\Shell - "" = AutoRun O33 - MountPoints2\{833890e0-90d2-11e1-898d-f3ef560cc5ac}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{833890e0-90d2-11e1-898d-f3ef560cc5ac}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{8fd78b20-ad08-11e1-89ae-f269919359ca}\Shell - "" = AutoRun O33 - MountPoints2\{8fd78b20-ad08-11e1-89ae-f269919359ca}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{8fd78b20-ad08-11e1-89ae-f269919359ca}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{a5981862-033f-11e2-89df-afb039f9c128}\Shell - "" = AutoRun O33 - MountPoints2\{a5981862-033f-11e2-89df-afb039f9c128}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a5981862-033f-11e2-89df-afb039f9c128}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{a93abea7-0406-11e2-89e0-8c451f62e135}\Shell - "" = AutoRun O33 - MountPoints2\{a93abea7-0406-11e2-89e0-8c451f62e135}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{a93abea7-0406-11e2-89e0-8c451f62e135}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{b0779dc2-e099-11e1-89cc-b35d797eeb85}\Shell - "" = AutoRun O33 - MountPoints2\{b0779dc2-e099-11e1-89cc-b35d797eeb85}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{b0779dc2-e099-11e1-89cc-b35d797eeb85}\Shell\AutoRun\command - "" = H:\Startme.exe O33 - MountPoints2\{c4c97651-cdd7-11e0-88d3-000d56b1399d}\Shell - "" = AutoRun O33 - MountPoints2\{c4c97651-cdd7-11e0-88d3-000d56b1399d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c4c97651-cdd7-11e0-88d3-000d56b1399d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{c5062bf7-f488-11e1-89d3-cd3aed17d08b}\Shell - "" = AutoRun O33 - MountPoints2\{c5062bf7-f488-11e1-89d3-cd3aed17d08b}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c5062bf7-f488-11e1-89d3-cd3aed17d08b}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{c8d550b0-b5a8-11e1-89b3-b364301293cf}\Shell - "" = AutoRun O33 - MountPoints2\{c8d550b0-b5a8-11e1-89b3-b364301293cf}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{c8d550b0-b5a8-11e1-89b3-b364301293cf}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{ca5c4f11-d1b0-11e0-88dd-000d56b1399d}\Shell - "" = AutoRun O33 - MountPoints2\{ca5c4f11-d1b0-11e0-88dd-000d56b1399d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ca5c4f11-d1b0-11e0-88dd-000d56b1399d}\Shell\AutoRun\command - "" = F:\StartVMCLite.exe O33 - MountPoints2\{d6355aa0-ca69-11e1-89bf-84aa846520c3}\Shell - "" = AutoRun O33 - MountPoints2\{d6355aa0-ca69-11e1-89bf-84aa846520c3}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{d6355aa0-ca69-11e1-89bf-84aa846520c3}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{dcb07dfc-0c0e-11e2-89e5-b8ceda4db1e6}\Shell - "" = AutoRun O33 - MountPoints2\{dcb07dfc-0c0e-11e2-89e5-b8ceda4db1e6}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dcb07dfc-0c0e-11e2-89e5-b8ceda4db1e6}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{de13fde6-a918-11e1-89ac-9c6c5153fb35}\Shell - "" = AutoRun O33 - MountPoints2\{de13fde6-a918-11e1-89ac-9c6c5153fb35}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{de13fde6-a918-11e1-89ac-9c6c5153fb35}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{dea37ac0-ac82-11e0-885e-000d56b1399d}\Shell - "" = AutoRun O33 - MountPoints2\{dea37ac0-ac82-11e0-885e-000d56b1399d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{dea37ac0-ac82-11e0-885e-000d56b1399d}\Shell\AutoRun\command - "" = G:\Startme.exe O33 - MountPoints2\{e7d843e0-8fce-11e1-898a-8ae1c632a8ba}\Shell - "" = AutoRun O33 - MountPoints2\{e7d843e0-8fce-11e1-898a-8ae1c632a8ba}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e7d843e0-8fce-11e1-898a-8ae1c632a8ba}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{e910f0a0-1e44-11e2-89f8-f24334d6b50f}\Shell - "" = AutoRun O33 - MountPoints2\{e910f0a0-1e44-11e2-89f8-f24334d6b50f}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e910f0a0-1e44-11e2-89f8-f24334d6b50f}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{e910f0a5-1e44-11e2-89f8-d40c8cb03afc}\Shell - "" = AutoRun O33 - MountPoints2\{e910f0a5-1e44-11e2-89f8-d40c8cb03afc}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e910f0a5-1e44-11e2-89f8-d40c8cb03afc}\Shell\AutoRun\command - "" = G:\.\Setup.exe AUTORUN=1 O33 - MountPoints2\{e9a0a381-a89e-11e1-89ab-d917b2c9b0c2}\Shell - "" = AutoRun O33 - MountPoints2\{e9a0a381-a89e-11e1-89ab-d917b2c9b0c2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e9a0a381-a89e-11e1-89ab-d917b2c9b0c2}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{ed8d4301-7d57-11e1-896b-000d56b1399d}\Shell - "" = AutoRun O33 - MountPoints2\{ed8d4301-7d57-11e1-896b-000d56b1399d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{ed8d4301-7d57-11e1-896b-000d56b1399d}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\RECYCLER\S-0-0-15-0757757214-5800166155-711078321-4717\iJgMmrZH.exe O33 - MountPoints2\{ed8d4301-7d57-11e1-896b-000d56b1399d}\Shell\explore\command - "" = .\RECYCLER\S-0-0-15-0757757214-5800166155-711078321-4717\iJgMmrZH.exe O33 - MountPoints2\{ed8d4301-7d57-11e1-896b-000d56b1399d}\Shell\Open\command - "" = .\RECYCLER\S-0-0-15-0757757214-5800166155-711078321-4717\iJgMmrZH.exe O33 - MountPoints2\{f14b6bd9-2a57-11e2-89fe-914bc94be768}\Shell - "" = AutoRun O33 - MountPoints2\{f14b6bd9-2a57-11e2-89fe-914bc94be768}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f14b6bd9-2a57-11e2-89fe-914bc94be768}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{f14b6bdb-2a57-11e2-89fe-9a0bf560d6b1}\Shell - "" = AutoRun O33 - MountPoints2\{f14b6bdb-2a57-11e2-89fe-9a0bf560d6b1}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f14b6bdb-2a57-11e2-89fe-9a0bf560d6b1}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{f50acbc0-1ad1-11e2-89f4-a4a4f3805ab2}\Shell - "" = AutoRun O33 - MountPoints2\{f50acbc0-1ad1-11e2-89f4-a4a4f3805ab2}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f50acbc0-1ad1-11e2-89f4-a4a4f3805ab2}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{f50acbc2-1ad1-11e2-89f4-d2f5d6dcb052}\Shell - "" = AutoRun O33 - MountPoints2\{f50acbc2-1ad1-11e2-89f4-d2f5d6dcb052}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f50acbc2-1ad1-11e2-89f4-d2f5d6dcb052}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{f50acbc4-1ad1-11e2-89f4-001e101f0c60}\Shell - "" = AutoRun O33 - MountPoints2\{f50acbc4-1ad1-11e2-89f4-001e101f0c60}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{f50acbc4-1ad1-11e2-89f4-001e101f0c60}\Shell\AutoRun\command - "" = F:\.\Setup.exe -- [2011.09.14 09:45:57 | 015,216,376 | R--- | M] () O33 - MountPoints2\{fa577170-10d4-11d8-8814-000d56b1399d}\Shell - "" = AutoRun O33 - MountPoints2\{fa577170-10d4-11d8-8814-000d56b1399d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fa577170-10d4-11d8-8814-000d56b1399d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O33 - MountPoints2\{fa577171-10d4-11d8-8814-000d56b1399d}\Shell - "" = AutoRun O33 - MountPoints2\{fa577171-10d4-11d8-8814-000d56b1399d}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{fa577171-10d4-11d8-8814-000d56b1399d}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.11.09 09:56:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG [2012.11.08 17:09:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Turbo Lister Backup [2012.11.06 02:28:53 | 000,000,000 | ---D | C] -- C:\Avenger [2012.11.01 01:33:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Megaplex Madness [2012.11.01 01:32:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Megaplex Madness - Now Playing [2012.11.01 01:32:14 | 000,000,000 | ---D | C] -- C:\Programme\bfgclient [2012.11.01 01:31:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BigFishGamesCache [2012.11.01 01:30:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2012.11.01 01:01:08 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\DirectX [2012.11.01 01:01:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\hl3 [2012.10.27 12:46:13 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2012.10.26 02:56:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\3DO [2012.10.26 02:54:06 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\3DO Shared [2012.10.26 02:54:06 | 000,000,000 | ---D | C] -- C:\Programme\3DO [2012.10.25 05:06:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ascaron Entertainment [2012.10.25 04:32:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Ascaron Entertainment [2012.10.25 04:28:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Ascaron Entertainment [2012.10.25 02:45:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\ALDITALKVerbindungsassistent [2012.10.25 02:44:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ALDI TALK Verbindungsassistent [2012.10.25 02:44:50 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll [2012.10.25 02:44:50 | 001,112,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll [2012.10.25 02:44:50 | 000,860,928 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys [2012.10.25 02:44:50 | 000,117,504 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys [2012.10.25 02:44:50 | 000,106,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys [2012.10.25 02:44:50 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys [2012.10.25 02:44:50 | 000,082,816 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys [2012.10.25 02:44:50 | 000,072,576 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys [2012.10.25 02:44:50 | 000,051,456 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys [2012.10.25 02:44:50 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys [2012.10.25 02:44:50 | 000,026,496 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys [2012.10.25 02:44:50 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys [2012.10.25 02:44:50 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys [2012.10.25 02:42:01 | 000,000,000 | ---D | C] -- C:\Programme\ALDITALKVerbindungsassistent [2012.10.24 02:43:42 | 000,000,000 | ---D | C] -- C:\Programme\Yontoo [2012.10.24 02:43:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer [2012.10.24 01:43:16 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Alte Firefox-Daten [2012.10.23 18:03:52 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2012.10.23 18:03:52 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2012.10.23 18:03:52 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll [2012.10.23 18:02:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\Opera [2012.10.23 18:02:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Opera [2012.10.23 18:00:19 | 000,000,000 | ---D | C] -- C:\Programme\Opera [2012.10.19 23:51:27 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\WMTools Downloaded Files [2012.10.16 23:00:19 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.11.13 05:34:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2012.11.13 05:03:28 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{11694F2C-23F9-4F5B-B077-5E148D9779CB}.job [2012.11.13 01:05:10 | 000,033,413 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat [2012.11.13 01:05:10 | 000,033,413 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2012.11.10 20:20:24 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-1580818891-1202660629-500.job [2012.11.10 20:20:23 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-1580818891-1202660629-500.job [2012.11.09 20:03:32 | 000,296,667 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klasse B ARGE NEU.pdf [2012.11.09 11:23:26 | 000,017,112 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2012.11.09 11:22:40 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.11.09 11:22:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.11.09 09:56:57 | 000,000,709 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2013.lnk [2012.11.08 18:49:19 | 000,001,753 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\eBay Turbo Lister 2.lnk [2012.11.06 01:17:34 | 000,000,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2012.11.01 01:33:05 | 000,001,995 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spiel Megaplex Madness - Now Playing.lnk [2012.11.01 01:00:52 | 000,278,728 | ---- | M] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2012.11.01 01:00:49 | 000,025,416 | ---- | M] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2012.10.31 00:47:00 | 000,001,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Heroes of Might and Magic IV Winds of War.lnk [2012.10.27 03:11:16 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\-1 [2012.10.25 05:05:45 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Vermeer 2.lnk [2012.10.25 02:45:00 | 000,001,873 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ALDI TALK Verbindungsassistent.lnk [2012.10.25 02:44:22 | 000,001,910 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk [2012.10.25 02:43:10 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\WdfCoInstaller01007.dll [2012.10.25 02:43:10 | 001,112,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\WdfCoInstaller01007.dll [2012.10.25 02:43:03 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\usbccid.sys [2012.10.25 02:43:02 | 000,860,928 | ---- | M] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys [2012.10.25 02:43:00 | 000,011,136 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_usbenumfilter.sys [2012.10.25 02:42:59 | 000,026,496 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_juextctrl.sys [2012.10.25 02:42:57 | 000,051,456 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcecm.sys [2012.10.25 02:42:56 | 000,082,816 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jucdcacm.sys [2012.10.25 02:42:54 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_jubusenum.sys [2012.10.25 02:42:52 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ew_hwusbdev.sys [2012.10.25 02:42:50 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys [2012.10.25 02:42:48 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys [2012.10.25 02:42:45 | 000,024,448 | ---- | M] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys [2012.10.23 18:02:28 | 000,426,026 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2012.10.23 18:02:28 | 000,406,946 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2012.10.23 18:02:28 | 000,086,720 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2012.10.23 18:02:28 | 000,072,178 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2012.10.23 18:01:45 | 000,001,467 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2012.10.22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys [2012.10.20 16:31:20 | 064,745,472 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2012.10.19 18:41:08 | 000,114,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.10.18 03:09:23 | 000,004,096 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\00000DA4.LCS [2012.10.15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\avgidshx.sys [2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.11.09 20:03:32 | 000,296,667 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Klasse B ARGE NEU.pdf [2012.11.09 06:05:45 | 000,015,236 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Lebenslauf.odt [2012.11.01 01:33:05 | 000,001,995 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Spiel Megaplex Madness - Now Playing.lnk [2012.11.01 01:00:51 | 000,278,728 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys [2012.11.01 01:00:49 | 000,025,416 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys [2012.10.31 00:47:00 | 000,001,707 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Heroes of Might and Magic IV Winds of War.lnk [2012.10.27 03:11:15 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\-1 [2012.10.25 04:32:31 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Vermeer 2.lnk [2012.10.25 02:45:00 | 000,001,873 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ALDI TALK Verbindungsassistent.lnk [2012.10.25 02:44:22 | 000,001,910 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Launcher.lnk [2012.10.23 18:01:45 | 000,001,473 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Opera.lnk [2012.10.23 18:01:42 | 000,001,467 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk [2012.10.19 18:41:08 | 000,114,968 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.08.06 22:22:20 | 000,000,011 | ---- | C] () -- C:\WINDOWS\MKKKXWGD.INI [2012.08.06 22:22:20 | 000,000,010 | ---- | C] () -- C:\WINDOWS\HLOHNIWU.INI [2012.08.06 14:22:07 | 000,000,082 | ---- | C] () -- C:\WINDOWS\odbc_merge.INI [2012.07.19 08:39:28 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\UAService7.exe [2012.07.19 08:39:24 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt.dll [2012.07.10 03:15:21 | 000,073,728 | ---- | C] () -- C:\WINDOWS\AKDeInstall.exe [2012.07.09 04:38:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\drivers\SSHDRV61.sys [2012.06.11 03:25:31 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll [2012.06.11 03:25:31 | 000,036,608 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys [2012.06.11 03:25:01 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\$_hpcst$.hpc [2012.06.02 04:46:24 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2012.06.02 04:27:29 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys [2012.05.26 23:20:56 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll [2012.05.25 20:13:10 | 000,110,080 | ---- | C] () -- C:\WINDOWS\System32\advd.dll [2012.05.25 20:13:10 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\auth.dll [2012.05.25 20:13:06 | 000,511,488 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll [2012.05.23 05:08:06 | 000,074,408 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.04.23 00:02:45 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2012.04.22 23:19:57 | 000,000,916 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\.recently-used.xbel [2012.04.07 23:37:38 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2012.04.05 12:16:51 | 000,000,233 | ---- | C] () -- C:\WINDOWS\SIERRA.INI [2012.02.28 01:21:07 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll [2011.08.19 21:26:00 | 000,005,120 | ---- | C] () -- C:\Dokumente und Einstellungen\Administrator\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.06.19 15:51:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat ========== ZeroAccess Check ========== [2003.11.07 04:48:03 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2009.01.07 18:20:26 | 001,497,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2006.06.01 20:06:00 | 000,472,064 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2006.06.01 20:06:00 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 130 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:A688EF17 < End of report > VON OTL: DIE EXTRAS.TXTOTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 13.11.2012 05:35:07 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
511,23 Mb Total Physical Memory | 177,65 Mb Available Physical Memory | 34,75% Memory free
1,81 Gb Paging File | 1,22 Gb Available in Paging File | 67,46% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 39,06 Gb Total Space | 11,54 Gb Free Space | 29,54% Space Free | Partition Type: NTFS
Drive D: | 50,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 35,47 Gb Total Space | 19,08 Gb Free Space | 53,79% Space Free | Partition Type: NTFS
Drive F: | 17,61 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Computer Name: HOME-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /k "cd %L" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\MSN Messenger\msnmsgr.exe" = C:\Programme\MSN Messenger\msnmsgr.exe:*:Enabled:MSN Messenger 7.0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe" = C:\Programme\Windows Searchqu Toolbar\Datamngr\ToolBar\dtUser.exe:*:Enabled:DTX broker -- (Visicom Media Inc.)
"D:\SweetImSetup.exe" = D:\SweetImSetup.exe:*:Enabled:SweetIM Installer
"C:\Programme\AVG\AVG2012\avgmfapx.exe" = C:\Programme\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm
"C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsasvr.exe:*:Enabled:KTF MUSIC AoD Server
"C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe" = C:\Programme\Samsung\Samsung New PC Studio\npsvsvr.exe:*:Enabled:KTF MUSIC VoD Server
"C:\Programme\AVG\AVG2013\avgmfapx.exe" = C:\Programme\AVG\AVG2013\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\AVG\AVG2013\avgnsx.exe" = C:\Programme\AVG\AVG2013\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2013\avgdiagex.exe" = C:\Programme\AVG\AVG2013\avgdiagex.exe:*:Enabled:AVG-Diagnose 2013 -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2013\avgemcx.exe" = C:\Programme\AVG\AVG2013\avgemcx.exe:*:Enabled:Personal E-Mail-Scanner -- (AVG Technologies CZ, s.r.o.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{446472DE-79C0-4708-B06E-0F8FAFDA6918}" = AVG 2013
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{90260407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Web Components
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{C1349E0C-6047-43F2-AFBF-16988F125E5B}" = AVG 2013
"{E8C23EBE-EE3C-4299-9DB9-601AB3751454}" = AAVUpdateManager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALDITALKVerbindungsassistent" = ALDI TALK Verbindungsassistent
"Ashampoo WinOptimizer 2012_is1" = Ashampoo WinOptimizer 2012 v.8.1.4
"Ashampoo_DE Toolbar" = Ashampoo DE Toolbar
"AVG" = AVG 2013
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BFGC" = Big Fish Games Client
"BFG-Megaplex Madness - Now Playing" = Megaplex Madness: Now Playing ™
"BitZipper_is1" = BitZipper 2010
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.92 Modem
"Defraggler" = Defraggler
"EA Installer.828943773" = EA Installer
"EHM2007" = Heimspiel Eishockeymanager 2007
"Eishockey Manager 2009 " = Eishockey Manager 2009
"Heroes of Might and Magic IV" = Heroes of Might and Magic IV: Winds of War
"ie8" = Windows Internet Explorer 8
"iLivid" = iLivid
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 12.10.1652" = Opera 12.10
"Picasa 3" = Picasa 3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RealPlayer 15.0" = RealPlayer
"VERMEER" = VERMEER
"Vermeer 2_is1" = Vermeer 2
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Searchqu Toolbar" = Windows Searchqu Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 29.10.2012 20:42:13 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung heroes4g.exe, Version 3.0.0.0, fehlgeschlagenes
Modul heroes4g.exe, Version 3.0.0.0, Fehleradresse 0x001caba1.
Error - 29.10.2012 20:44:07 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung heroes4g.exe, Version 3.0.0.0, fehlgeschlagenes
Modul heroes4g.exe, Version 3.0.0.0, Fehleradresse 0x000b746e.
Error - 29.10.2012 23:24:34 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung heroes4g.exe, Version 3.0.0.0, fehlgeschlagenes
Modul heroes4g.exe, Version 3.0.0.0, Fehleradresse 0x001caba1.
Error - 01.11.2012 22:44:17 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung heroes4g.exe, Version 3.0.0.2, fehlgeschlagenes
Modul heroes4g.exe, Version 3.0.0.2, Fehleradresse 0x001caba1.
Error - 07.11.2012 21:15:05 | Computer Name = HOME-PC | Source = Picasa3 | ID = 1
Description = Picasa ist abgestürzt. Eine Dump-Datei wurde generiert: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\Picasa_121108-014640.dmp
Error - 08.11.2012 13:38:34 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tl.exe, Version 9.901.101.2, fehlgeschlagenes
Modul crtitem.dll, Version 9.901.101.2, Fehleradresse 0x000177c6.
Error - 08.11.2012 13:39:51 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tl.exe, Version 9.901.101.2, fehlgeschlagenes
Modul crtitem.dll, Version 9.901.101.2, Fehleradresse 0x000177c6.
Error - 08.11.2012 13:40:49 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tl.exe, Version 9.901.101.2, fehlgeschlagenes
Modul crtitem.dll, Version 9.901.101.2, Fehleradresse 0x000177c6.
Error - 08.11.2012 13:43:16 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tl.exe, Version 9.901.101.2, fehlgeschlagenes
Modul crtitem.dll, Version 9.901.101.2, Fehleradresse 0x000177c6.
Error - 08.11.2012 13:52:19 | Computer Name = HOME-PC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung tl.exe, Version 9.903.101.1, fehlgeschlagenes
Modul crtitem.dll, Version 9.903.101.1, Fehleradresse 0x00019146.
[ System Events ]
Error - 12.11.2012 23:04:54 | Computer Name = HOME-PC | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106}.
Fehler:
"%193"
aufgetreten
beim Starten dieses Befehls: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet
Connect\6\agent.exe -Embedding
Error - 12.11.2012 23:14:54 | Computer Name = HOME-PC | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106}.
Fehler:
"%193"
aufgetreten
beim Starten dieses Befehls: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet
Connect\6\agent.exe -Embedding
Error - 12.11.2012 23:24:54 | Computer Name = HOME-PC | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106}.
Fehler:
"%193"
aufgetreten
beim Starten dieses Befehls: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet
Connect\6\agent.exe -Embedding
Error - 12.11.2012 23:34:54 | Computer Name = HOME-PC | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106}.
Fehler:
"%193"
aufgetreten
beim Starten dieses Befehls: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet
Connect\6\agent.exe -Embedding
Error - 12.11.2012 23:44:54 | Computer Name = HOME-PC | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106}.
Fehler:
"%193"
aufgetreten
beim Starten dieses Befehls: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet
Connect\6\agent.exe -Embedding
Error - 12.11.2012 23:54:54 | Computer Name = HOME-PC | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106}.
Fehler:
"%193"
aufgetreten
beim Starten dieses Befehls: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet
Connect\6\agent.exe -Embedding
Error - 13.11.2012 00:04:55 | Computer Name = HOME-PC | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106}.
Fehler:
"%193"
aufgetreten
beim Starten dieses Befehls: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet
Connect\6\agent.exe -Embedding
Error - 13.11.2012 00:14:55 | Computer Name = HOME-PC | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106}.
Fehler:
"%193"
aufgetreten
beim Starten dieses Befehls: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet
Connect\6\agent.exe -Embedding
Error - 13.11.2012 00:24:55 | Computer Name = HOME-PC | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106}.
Fehler:
"%193"
aufgetreten
beim Starten dieses Befehls: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet
Connect\6\agent.exe -Embedding
Error - 13.11.2012 00:34:55 | Computer Name = HOME-PC | Source = DCOM | ID = 10000
Description = Ein DCOM-Server konnte nicht gestartet werden: {8D9BB053-FEE5-4411-B6F5-F1E37DDC3106}.
Fehler:
"%193"
aufgetreten
beim Starten dieses Befehls: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet
Connect\6\agent.exe -Embedding
< End of report >
VON GMER: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-13 09:00:11
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM080HC rev.AM100-16
Running: djdmkftp.exe; Driver: C:\DOKUME~1\ADMINI~1\LOKALE~1\Temp\kwldipog.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xF78EA14A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xF78EA21A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF78E9D7C]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendProcess [0xF78E9F6A]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwSuspendThread [0xF78EA000]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF78E9E32]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF78E9ECE]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF78EA09C]
---- Kernel code sections - GMER 1.0.15 ----
init C:\WINDOWS\system32\drivers\tiumflt.sys entry point in "init" section [0xF8BBAD00]
init C:\WINDOWS\system32\drivers\tiumfwl.sys entry point in "init" section [0xF89D04C0]
.text C:\WINDOWS\system32\drivers\ACEDRV05.sys section is writeable [0xF466F000, 0x30A4A, 0xE8000020]
.pklstb C:\WINDOWS\system32\drivers\ACEDRV05.sys entry point in ".pklstb" section [0xF46B1000]
.relo2 C:\WINDOWS\system32\drivers\ACEDRV05.sys unknown last section [0xF46CC000, 0x8E, 0x42000040]
.reloc C:\WINDOWS\system32\drivers\acedrv11.sys section is executable [0xF43B1300, 0x25D4C, 0xE0000060]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xF42C8300, 0x3ACC8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xF8ABC300, 0x1B7E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Programme\Real\RealPlayer\update\realsched.exe[4152] kernel32.dll!SetUnhandledExceptionFilter 7C810386 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\0010c62e68b8 (not active ControlSet)
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0010c62e68b8
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0010c62e68b8 (not active ControlSet)
---- Files - GMER 1.0.15 ----
File C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.Txt 116898 bytes
---- EOF - GMER 1.0.15 ----
VON MALWAREBYTES: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.11.13.02 Windows XP Service Pack 2 x86 NTFS Internet Explorer 8.0.6001.18702 Administrator :: HOME-PC [Administrator] 13.11.2012 09:01:40 mbam-log-2012-11-13 (09-01-40).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: HeuristiKs/Shuriken Durchsuchte Objekte: 192856 Laufzeit: 6 Minute(n), 43 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ICH HOFFE ICH HABE ALLES ERTMALS KORREKT ANGEGEBEN. FALLS NICHT BITTE ICH UM NCHSICHT UND UM HILFE. DANKE IM VORAUS Zum Nachtrag noch folgende Auswertung: ESET ONLINE SCAN ESETSmartInstaller@High as downloader log: Can not read file from internet.ESETSmartInstaller@High as downloader log: Can not read file from internet.# version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=24ae2776478cf446b9a21598aec44d3a # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-11-13 05:32:54 # local_time=2012-11-13 06:32:54 (+0100, Westeuropäische Normalzeit) # country="Germany" # lang=1033 # osver=5.1.2600 NT Service Pack 2 # compatibility_mode=1024 16777175 100 0 3429617 3429617 0 0 # compatibility_mode=8192 67108863 100 0 12441 12441 0 0 # scanned=84732 # found=18 # cleaned=18 # scan_time=7028 C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\BrowserCompanion\tbhcn.exe Win32/BrowserCompanion application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\BestVideoDownloader.exe a variant of Win32/KBM.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Dokumente und Einstellungen\Administrator\Eigene Dateien\Downloads\registrybooster.exe a variant of Win32/RegistryBooster application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Programme\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Programme\Windows Searchqu Toolbar\Datamngr\BrowserConnection.dll.vir Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Programme\Windows Searchqu Toolbar\Datamngr\datamngr.dll.vir Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Programme\Windows Searchqu Toolbar\Datamngr\datamngrUI.exe.vir a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Programme\Windows Searchqu Toolbar\Datamngr\DnsBHO.dll.vir Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\Programme\Windows Searchqu Toolbar\Datamngr\IEBHO.dll.vir Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{8F7A7723-FB43-451E-B6B2-26ED476902AE}\RP320\A0158238.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{8F7A7723-FB43-451E-B6B2-26ED476902AE}\RP320\A0158239.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{8F7A7723-FB43-451E-B6B2-26ED476902AE}\RP320\A0158240.exe a variant of Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{8F7A7723-FB43-451E-B6B2-26ED476902AE}\RP320\A0158241.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{8F7A7723-FB43-451E-B6B2-26ED476902AE}\RP320\A0158255.dll Win32/Toolbar.SearchSuite application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{8F7A7723-FB43-451E-B6B2-26ED476902AE}\RP321\A0158356.exe Win32/BrowserCompanion application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{8F7A7723-FB43-451E-B6B2-26ED476902AE}\RP321\A0158357.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{8F7A7723-FB43-451E-B6B2-26ED476902AE}\RP321\A0158358.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C |
|
14.11.2012, 22:45
| #2 | |||
| /// Winkelfunktion /// TB-Süch-Tiger™   | Lange ladezeit bei firefox, opera & ie Hallo und
__________________ Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Zitat:
512 MB RAM war die Standardausstattung neuer Rechner von vor 8 Jahren oder so, mittlerweile hat eigentlich selbst jede Billigkiste 4 GB RAM oder mehr Zitat:
 Bitte gewöhn dir umgehend diesen Schreibstil ab! Alles GROSSZUSCHREIBEN bedeutet SCHREIEN, das ist nicht nett und unleserlich obendrein also schreib bitte normal! Zitat:
__________________ |
|
| Themen zu Lange ladezeit bei firefox, opera & ie |
| acedrv05.sys, avg, avg secure search, bandoo, bho, computer, converter, desktop, driver./avg, einstellungen, error, firefox, flash player, fontcache, format, helper, homepage, internet browser, karte, logfile, monitor, plug-in, problem, registry, rundll, scan, secure search, security, software, starten, tarma, udp, win32/adware.yontoo.a, win32/adware.yontoo.b, win32/kbm.a, windows, windows internet, windows xp, yontoo |
