
Log analysis and evaluation: PC slow\Gnabtray.exe?\CCUTRAYICON? +logfile

14.05.2010, 17:47   #1
Ausgefuchst
 



Hello,
my parents' PC has recently been running slower than normal (sometimes 10 minutes or more just to boot, though it affects not only booting but all sorts of programs), and with a 2.66 GHz dual core that should be faster.
The operating system is Vista Home Premium SP2 32-bit.

I have already run CCleaner, scanned with AntiVir and run Spybot over it, without results.

While checking the autostart entries I noticed Gnabtray.exe and CCUTRAYICON (I couldn't place them, and googling suggested they could be spyware) -> if it is spyware, how do I get rid of it when the scanners find nothing?

It would be great if someone could look through my HJT log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:41:58, on 14.05.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Fuechse\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Robins Kram\programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe -checkstart
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-21-3521079135-2528605423-758559-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Intel(R) DHTrace Controller (DHTRACE) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GnabService - Empolis GmbH - c:\program files\common files\gnab\service\servicecontroller.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Intel(R) NMSCore (NMSCore) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe
O23 - Service: Intel(R) Quality Manager (QualityManager) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe

--
End of file - 8870 bytes



I hope someone can help me.
Kind regards,
Robin

14.05.2010, 19:04   #2
cosinus



Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

14.05.2010, 21:04   #3
Ausgefuchst
 



First of all, thanks for the quick reply :-)
Here are the three logs.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4101

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

14.05.2010 20:39:45
mbam-log-2010-05-14 (20-39-45).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 253704
Laufzeit: 52 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)



------------------------------------------

OTL logfile created on: 14.05.2010 20:52:11 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Fuechse\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,26 Gb Total Space | 348,80 Gb Free Space | 78,34% Space Free | Partition Type: NTFS
Drive D: | 20,49 Gb Total Space | 16,09 Gb Free Space | 78,51% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FUECHSE-PC
Current User Name: Fuechse
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Fuechse\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Programme\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
PRC - C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Programme\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()


========== Modules (SafeList) ==========

MOD - C:\Users\Fuechse\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Programme\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (AlertService) Intel(R) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe (Intel(R) Corporation)
SRV - (QualityManager) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\qualitymanager.exe (Intel(R) Corporation)
SRV - (Remote UI Service) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe (Intel(R) Corporation)
SRV - (MCLServiceATL) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe (Intel(R) Corporation)
SRV - (DHTRACE) Intel(R) -- C:\Programme\Common Files\Intel\IntelDH\bin\DHTraceController.exe (Intel(R) Corporation)
SRV - (ISSM) Intel(R) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe (Intel(R) Corporation)
SRV - (NMSCore) Intel(R) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe (Intel(R) Corporation)
SRV - (M1 Server) Intel(R) Viiv(TM) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (DQLWinService) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe ()


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntelDH) -- C:\Windows\System32\drivers\IntelDH.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (TSHWMDTCP) -- C:\Programme\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys ()
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (nmsunidr) -- C:\Windows\System32\drivers\nmsunidr.sys (Gteko Ltd.)
DRV - (athrusb) -- C:\Windows\System32\drivers\athrusb.sys (Atheros Communications, Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (w810obex) -- C:\Windows\System32\drivers\w810obex.sys (MCCI)
DRV - (w810mgmt) Sony Ericsson W810 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\w810mgmt.sys (MCCI)
DRV - (w810mdm) -- C:\Windows\System32\drivers\w810mdm.sys (MCCI)
DRV - (w810mdfl) -- C:\Windows\System32\drivers\w810mdfl.sys (MCCI)
DRV - (w810bus) Sony Ericsson W810 Driver driver (WDM) -- C:\Windows\System32\drivers\w810bus.sys (MCCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.14 15:58:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.14 15:58:43 | 000,000,000 | ---D | M]

[2010.05.14 15:58:47 | 000,000,000 | ---D | M] -- C:\Users\Fuechse\AppData\Roaming\mozilla\Extensions
[2010.05.14 15:45:44 | 000,000,000 | ---D | M] -- C:\Users\Fuechse\AppData\Roaming\mozilla\Firefox\Profiles\f7qufby9.default\extensions
[2010.05.14 15:45:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fuechse\AppData\Roaming\mozilla\Firefox\Profiles\f7qufby9.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.14 15:40:02 | 000,000,950 | ---- | M] () -- C:\Users\Fuechse\AppData\Roaming\Mozilla\FireFox\Profiles\f7qufby9.default\searchplugins\icqplugin-1.xml
[2008.03.01 16:29:13 | 000,000,950 | ---- | M] () -- C:\Users\Fuechse\AppData\Roaming\Mozilla\FireFox\Profiles\f7qufby9.default\searchplugins\icqplugin-2.xml
[2008.04.09 17:59:03 | 000,000,950 | ---- | M] () -- C:\Users\Fuechse\AppData\Roaming\Mozilla\FireFox\Profiles\f7qufby9.default\searchplugins\icqplugin-3.xml
[2008.04.23 20:24:46 | 000,000,950 | ---- | M] () -- C:\Users\Fuechse\AppData\Roaming\Mozilla\FireFox\Profiles\f7qufby9.default\searchplugins\icqplugin-4.xml
[2008.08.09 00:16:44 | 000,000,950 | ---- | M] () -- C:\Users\Fuechse\AppData\Roaming\Mozilla\FireFox\Profiles\f7qufby9.default\searchplugins\icqplugin-5.xml
[2008.12.17 16:39:32 | 000,000,950 | ---- | M] () -- C:\Users\Fuechse\AppData\Roaming\Mozilla\FireFox\Profiles\f7qufby9.default\searchplugins\icqplugin-6.xml
[2008.02.19 19:16:46 | 000,000,951 | ---- | M] () -- C:\Users\Fuechse\AppData\Roaming\Mozilla\FireFox\Profiles\f7qufby9.default\searchplugins\icqplugin.xml
[2010.05.14 15:58:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CCUTRAYICON] File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [GnabTray] C:\Program Files\Common Files\Gnab\Service\GnabTray.exe (Empolis GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Robins Kram\programme\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: tumuenchen.de ([www] https in Vertrauenswürdige Sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.14 20:50:47 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Fuechse\Desktop\OTL.exe
[2010.05.14 19:46:20 | 000,000,000 | ---D | C] -- C:\Users\Fuechse\AppData\Roaming\Malwarebytes
[2010.05.14 19:46:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.14 19:46:12 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.14 19:46:12 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.14 19:46:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.14 16:20:19 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.05.14 16:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.14 16:01:39 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.14 15:13:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.05.14 15:13:27 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.05.14 15:13:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.05.14 15:02:28 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.05.14 15:02:28 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.05.14 15:02:28 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.05.14 15:02:27 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.05.14 15:02:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.14 14:35:07 | 000,000,000 | ---D | C] -- C:\ProgramData\tmp
[2010.05.14 11:01:57 | 000,000,000 | ---D | C] -- C:\Programme\Real
[2010.05.14 11:01:55 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Real
[2010.05.14 11:01:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2010.05.14 11:01:51 | 000,000,000 | ---D | C] -- C:\Users\Fuechse\AppData\Roaming\Real
[2010.05.04 11:04:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010.05.04 11:04:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010.05.04 11:04:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010.04.23 09:20:33 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010.04.22 18:49:20 | 000,000,000 | ---D | C] -- C:\Users\Fuechse\AppData\Local\FreePDF_XP
[2010.04.22 18:34:04 | 000,000,000 | ---D | C] -- C:\Users\Fuechse\Desktop\Free PDF downloads
[2010.04.18 03:00:38 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.04.16 18:52:58 | 000,000,000 | ---D | C] -- C:\Users\Fuechse\Documents\SoftMaker
[2010.04.16 18:52:11 | 000,000,000 | ---D | C] -- C:\Programme\SoftMaker Viewer
[2010.04.16 14:04:08 | 003,600,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.16 14:04:08 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.16 14:04:02 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.16 14:03:59 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.16 14:03:59 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.14 20:51:14 | 014,155,776 | -HS- | M] () -- C:\Users\Fuechse\NTUSER.DAT
[2010.05.14 20:50:55 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Fuechse\Desktop\OTL.exe
[2010.05.14 20:29:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.14 19:46:16 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.14 19:13:16 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.14 19:13:16 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.14 17:20:58 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.05.14 17:18:48 | 001,445,786 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.14 17:18:48 | 000,628,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.14 17:18:48 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.14 17:18:48 | 000,126,850 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.14 17:18:48 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.14 17:13:17 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.14 17:13:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.14 17:13:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.14 17:12:00 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.14 17:11:56 | 000,524,288 | -HS- | M] () -- C:\Users\Fuechse\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2010.05.14 17:11:56 | 000,065,536 | -HS- | M] () -- C:\Users\Fuechse\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.05.14 17:11:54 | 001,842,627 | -H-- | M] () -- C:\Users\Fuechse\AppData\Local\IconCache.db
[2010.05.14 16:49:07 | 000,110,672 | ---- | M] () -- C:\Users\Fuechse\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.14 16:48:21 | 000,380,904 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.14 16:01:40 | 000,001,674 | ---- | M] () -- C:\Users\Fuechse\Desktop\CCleaner.lnk
[2010.05.14 15:58:44 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.14 15:13:34 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.05.14 15:02:33 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.14 14:21:01 | 000,002,605 | ---- | M] () -- C:\Users\Fuechse\Desktop\Microsoft Word.lnk
[2010.05.06 10:36:38 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.04.30 23:29:26 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.22 19:09:06 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk
[2010.04.22 10:09:18 | 000,001,074 | RH-- | M] () -- C:\Users\Fuechse\XrxWm.ini
[2010.04.22 10:09:18 | 000,000,522 | RH-- | M] () -- C:\Users\Fuechse\xw45cpdy.dyc
[2010.04.22 09:49:24 | 000,000,155 | ---- | M] () -- C:\Windows\System32\~.inf
[2010.04.18 15:31:45 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.14 19:46:16 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.14 16:01:40 | 000,001,674 | ---- | C] () -- C:\Users\Fuechse\Desktop\CCleaner.lnk
[2010.05.14 15:58:44 | 000,001,728 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.14 15:13:34 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.05.14 15:02:33 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.22 10:09:18 | 000,001,074 | RH-- | C] () -- C:\Users\Fuechse\XrxWm.ini
[2010.04.22 10:09:18 | 000,000,522 | RH-- | C] () -- C:\Users\Fuechse\xw45cpdy.dyc
[2010.04.18 15:31:45 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010.04.16 18:52:12 | 000,779,593 | ---- | C] () -- C:\Users\Fuechse\Documents\TextMaker Viewer.tmd
[2010.04.16 18:52:12 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2009.10.20 18:31:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2008.02.17 16:05:54 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.02.17 16:05:54 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.02.02 16:29:32 | 000,000,030 | ---- | C] () -- C:\Windows\Iedit_.INI
[2007.10.09 22:05:58 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2007.08.15 18:37:46 | 000,000,216 | ---- | C] () -- C:\Windows\ulead32.ini
[2007.08.15 18:26:22 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2007.08.15 16:08:10 | 000,000,511 | ---- | C] () -- C:\Windows\ODBC.INI
[2007.03.05 13:34:28 | 000,676,224 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.06.23 11:09:34 | 000,019,968 | R--- | C] () -- C:\Windows\System32\cpuinf32.dll
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000068.DLL
[1999.01.23 03:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
< End of report >


OTL Extras logfile created on: 14.05.2010 20:52:11 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Fuechse\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,26 Gb Total Space | 348,80 Gb Free Space | 78,34% Space Free | Partition Type: NTFS
Drive D: | 20,49 Gb Total Space | 16,09 Gb Free Space | 78,51% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: FUECHSE-PC
Current User Name: Fuechse
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Robins Kram\programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Robins Kram\programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Robins Kram\programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2410F622-BC78-4BB6-BCD5-9B27182E0C7D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F12DFAA-F517-46C4-A353-5797C9F0362A}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{3C3B4F44-4A1C-46EC-9A82-4060D1176B31}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4DFDFB79-2856-4FA6-B97D-0C9761FEF81E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{4E49FD3F-5C14-4A36-B290-22055DE1007F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{65DCA89B-B694-4FC0-88C8-574CC98DE166}" = lport=1900 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server upnp discovery |
"{7756E798-2293-4AA6-853A-D7D56BF3507E}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |
"{8819D55E-4349-4A0B-9CB5-C1783117EA75}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B4FCA71E-6757-444A-B906-335641D3908D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BB32E0A5-30C7-4B20-B28E-1B93D10A21E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D6F807ED-9C2C-4D51-9C98-F8919B14CE2F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D70FC391-6F5D-4946-9740-163C9296AEF4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{EBB31401-68E1-48D0-9D2B-84947B69F2F4}" = lport=9442 | protocol=17 | dir=in | name=intel(r) viiv(tm) media server discovery |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067869B8-C41A-4C00-BF54-D7A3C4B49C81}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{08C1F8C2-E755-449A-92FF-D8ABA5148434}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09CB9740-797F-482F-A0BB-F206AA0F5AC3}" = protocol=6 | dir=in | app=c:\robins kram\programme\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{0A2D1DC6-B539-4B67-B626-8458DAE21FC6}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{43082DD7-8BD8-49C2-8C18-4369B2688E60}" = protocol=6 | dir=in | app=c:\robins kram\programme\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{4693423F-2B68-409D-AAD9-BA7DF11B10A9}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{4D71C844-5D36-4455-9A9F-5F2CFEDE77C5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5003731B-188E-42F7-88D5-E412A68EE805}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{50417147-0572-409A-9748-35ED2A491E17}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{5D1F0E54-5D1C-4A82-BEB2-1EC692C49B01}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{5EA512E0-02E2-4791-86A4-FEF4AC9FE1B2}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe |
"{82053F31-E3DF-45C7-820C-4C19134B2DB6}" = protocol=6 | dir=out | app=system |
"{8447A933-5A9A-42F0-B9A1-1BF21CC67FA4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B07D5EA-605D-4644-BE7B-9489571D7DC9}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{9725E445-6A40-4C6C-853F-4C3517FA6B8E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A098BB35-BCED-4E6D-9A42-A8EA052F0234}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{B68CD120-D7CC-4D6E-AFAA-BD3E1F1E06D9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D4CFE6A0-9417-45CB-A823-B8BD93466DB2}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{DBFDA691-3AFD-4D8C-B099-82515C56425C}" = protocol=17 | dir=in | app=c:\robins kram\programme\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{DDD5A19B-6D7C-4904-97CA-E9E173967BC0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E2ED6014-354C-47A2-A14D-1AB1505E0B64}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe |
"{E58A3E8E-C077-4F47-ABE4-7FA4F89EF9E9}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"{E6B2C564-2C82-4657-8F38-3B5E637A7D7C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F15B4A29-FA72-41B0-A8EE-1DF62D7AB087}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F2E3141E-4A72-438F-B1E3-C19A448EF2D0}" = protocol=17 | dir=in | app=c:\robins kram\programme\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{F94C4ADC-B3F4-43BA-BA87-5EE80A45437F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FEE316B3-6CF0-4DF0-8B69-6EEB17B987A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FEEEAD85-EC5B-4633-A88E-0170FD01B981}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe |
"TCP Query User{2377AE21-90A6-41BC-8F05-19A028F8ED89}C:\robins kram\programme\half-life\hl.exe" = protocol=6 | dir=in | app=c:\robins kram\programme\half-life\hl.exe |
"TCP Query User{28B58FDF-1761-4ABF-BFF1-C8FE76BA8225}C:\program files\t-online\t-online_software_6\browser\dlman.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\dlman.exe |
"TCP Query User{398841A1-EBE6-4D61-B700-29DBB4C7590A}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{69E349FF-7E5E-4887-8586-D5DA20D99FCA}C:\robins kram\programme\last.fm\lastfm.exe" = protocol=6 | dir=in | app=c:\robins kram\programme\last.fm\lastfm.exe |
"TCP Query User{9AB9861A-A178-4EE0-B744-E25DF2B68043}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
"TCP Query User{A7A9D87D-5634-4AA9-B1F3-5B99A195CFF1}C:\robins kram\programme\steam\steamapps\ausgefuchst\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\robins kram\programme\steam\steamapps\ausgefuchst\team fortress 2\hl2.exe |
"TCP Query User{A9E37D5B-7240-4355-99AE-1B5F62E99A8D}C:\robins kram\programme\icq6\icq.exe" = protocol=6 | dir=in | app=c:\robins kram\programme\icq6\icq.exe |
"UDP Query User{0CC0D8D7-E56C-4E99-9DC7-5FAA9A8545BC}C:\robins kram\programme\steam\steamapps\ausgefuchst\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\robins kram\programme\steam\steamapps\ausgefuchst\team fortress 2\hl2.exe |
"UDP Query User{20263798-396D-420F-9E28-0AC10F567E57}C:\robins kram\programme\half-life\hl.exe" = protocol=17 | dir=in | app=c:\robins kram\programme\half-life\hl.exe |
"UDP Query User{335EB541-96B2-4106-9568-D4F7BB83EF0F}C:\program files\t-online\t-online_software_6\browser\dlman.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\dlman.exe |
"UDP Query User{99BB557D-F5AA-4180-9304-06087F7C1158}C:\robins kram\programme\last.fm\lastfm.exe" = protocol=17 | dir=in | app=c:\robins kram\programme\last.fm\lastfm.exe |
"UDP Query User{AE9B8123-F57B-4AF0-8CAC-9F7019947198}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
"UDP Query User{EBA6AF67-E215-41D9-96B8-D8429FF7D67C}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{FD81581F-B719-465B-A40D-D0E1D305B411}C:\robins kram\programme\icq6\icq.exe" = protocol=17 | dir=in | app=c:\robins kram\programme\icq6\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{08C0729E-3E50-11DF-9D81-005056806466}" = Google Earth
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DAA5653-60D4-44C1-AD10-EC7D4FA4D820}" = Intel(R) Viiv(TM) Software
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1AE3E621-E0C0-4aa1-B10B-B3E353A8D110}" = c3100_Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{282E5AB2-8E47-4571-B6FA-6B512555B557}" = HP Photosmart.All-In-One Driver Software 8.0 .A
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{39CB30DB-27F8-4dd4-A294-CB4AE3B584FD}" = Copy
"{3CEA4CA8-CDD4-451C-B673-E8F17BE01B15}" = Ulead COOL 360 1.0
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}" = Ulead VideoStudio 7 SE VCD
"{777CA40C-0206-4EF6-A0FC-618BF06BF8D0}" = Intel(R) PRO Network Connections 12.1.12.0
"{81AB1374-098A-43CB-BE57-31CEB5EB1031}" = Nero 7 Essentials
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB61E316-F10B-43eb-B47F-42095835F9CC}" = C3100
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0E39A1D-0CEE-4D85-B4A2-E3BE990D075E}" = Destination Component
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F54AC413-D2C6-4A24-B324-370C223C6250}" = Adobe Photoshop Elements 6.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Photoshop Elements 6" = Adobe Photoshop Elements 6.0
"Adobe Shockwave Player" = Adobe Shockwave Player
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DeInst_d2vexcrdTop50 Viewer (Build 1.0.5.388)" = Top50 Viewer
"Free Windows Registry Cleaner_is1" = Free Windows Registry Cleaner 1.1
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GPL Ghostscript 8.71" = GPL Ghostscript 8.71
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"Intel(R) Configuration Center" = Intel(R) Viiv(TM) Software
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"ODBC" = ODBC
"PROSetDX" = Intel(R) PRO Network Connections 12.1.12.0
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TextMaker Viewer" = TextMaker Viewer
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR archiver
"WinSkat Pro 4.17" = WinSkat Pro Version 4.17

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 14.05.2010 09:13:40 | Computer Name = Fuechse-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung MsiExec.exe, Version 4.5.6002.18005, Zeitstempel
0x49e01c42, fehlerhaftes Modul QuickTime.qts_unloaded, Version 0.0.0.0, Zeitstempel
0x4ba1b0eb, Ausnahmecode 0xc0000005, Fehleroffset 0x65a1bb69, Prozess-ID 0x1608,
Anwendungsstartzeit 01caf36734cf21b8.

Error - 14.05.2010 09:13:45 | Computer Name = Fuechse-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\QuickTime\QuickTimePlayer.exe".
Die
abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 14.05.2010 09:14:09 | Computer Name = Fuechse-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung apdproxy.exe, Version 4.5.0.20477, Zeitstempel
0x46cea985, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000005, Fehleroffset 0x00066796, Prozess-ID 0x4c0, Anwendungsstartzeit
01caf3653a315088.

Error - 14.05.2010 09:22:06 | Computer Name = Fuechse-PC | Source = VSS | ID = 8194
Description =

Error - 14.05.2010 10:03:47 | Computer Name = Fuechse-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14.05.2010 10:03:48 | Computer Name = Fuechse-PC | Source = Windows Search Service | ID = 3013
Description =

Error - 14.05.2010 10:35:20 | Computer Name = Fuechse-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 1.5.13.0, Zeitstempel
0x458d61a6, fehlerhaftes Modul NMIndexStoreSvr.exe, Version 1.5.13.0, Zeitstempel
0x458d61a6, Ausnahmecode 0xc0000005, Fehleroffset 0x0001bf03, Prozess-ID 0x1694,
Anwendungsstartzeit 01caf372adb4aea8.

Error - 14.05.2010 10:42:00 | Computer Name = Fuechse-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 1.5.13.0, Zeitstempel
0x458d61a6, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000005, Fehleroffset 0x00048b02, Prozess-ID 0x14c8, Anwendungsstartzeit
01caf3739c4252c8.

Error - 14.05.2010 10:44:40 | Computer Name = Fuechse-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 1.5.13.0, Zeitstempel
0x458d61a6, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18005, Zeitstempel 0x49e03821,
Ausnahmecode 0xc0000005, Fehleroffset 0x00048b02, Prozess-ID 0x15c8, Anwendungsstartzeit
01caf373fbac49a8.

Error - 14.05.2010 11:24:58 | Computer Name = Fuechse-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung NMIndexStoreSvr.exe, Version 1.5.13.0, Zeitstempel
0x458d61a6, fehlerhaftes Modul NMIndexStoreSvr.exe, Version 1.5.13.0, Zeitstempel
0x458d61a6, Ausnahmecode 0xc0000005, Fehleroffset 0x0001bf03, Prozess-ID 0x12f8,
Anwendungsstartzeit 01caf3799cde460f.

[ Media Center Events ]
Error - 16.04.2008 11:27:37 | Computer Name = Fuechse-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
gescheitert.

[ System Events ]
Error - 13.05.2010 05:01:55 | Computer Name = Fuechse-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 13.05.2010 12:30:46 | Computer Name = Fuechse-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 13.05.2010 13:04:23 | Computer Name = Fuechse-PC | Source = DCOM | ID = 10010
Description =

Error - 13.05.2010 13:05:23 | Computer Name = Fuechse-PC | Source = DCOM | ID = 10010
Description =

Error - 14.05.2010 04:34:28 | Computer Name = Fuechse-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14.05.2010 09:00:56 | Computer Name = Fuechse-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14.05.2010 09:02:47 | Computer Name = Fuechse-PC | Source = Service Control Manager | ID = 7006
Description =

Error - 14.05.2010 09:17:50 | Computer Name = Fuechse-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 14.05.2010 10:50:39 | Computer Name = Fuechse-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 14.05.2010 11:15:07 | Computer Name = Fuechse-PC | Source = Service Control Manager | ID = 7022
Description =


< End of report >
__________________

16.05.2010, 18:39   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
The logs are unremarkable. I don't see anything from Gnabtray in there either.

16.05.2010, 22:00   #5
Ausgefuchst
 
Thanks for the effort :-)
The problem has been resolved. I just had to teach a grown woman that you don't kick the computer when it doesn't do what you want. The hardware was damaged *facepalm*

