| |
| |||||||
Log-Analyse und Auswertung: Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
12.12.2010, 23:12
| #16 |
 |  Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner hallo rea, sorry, konnte mich ne weile nicht kümmern. habe otl wie du gesagt hast, nochmal vom destkop aus gescant. leider wieder kein protokoll extras. keine ahnung woran es liegt. ich bekomme bald ne krise. sofern ich von google aus irgendeine seite aufmache und näher rein will, dauert es ewig. ich kann eigentlich nichts so richtig machen. genauso ist es auch beim banking. über t-online banking wird abgebrochen, weil fehler zum server und wenn ich direkt auf der seite der bank gehe, reicht dieses zeitfenster nicht aus. ich versteh das nicht. was soll ich nur tun? gruß diana |
|
12.12.2010, 23:14
| #17 |
| | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 12.12.2010 22:59:41 - Run 4 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Diana\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 27,92 Gb Free Space | 40,02% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 52,81 Gb Free Space | 75,98% Space Free | Partition Type: NTFS Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe PRC - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe PRC - [2008.08.20 06:02:58 | 000,009,408 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskpython.exe PRC - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe PRC - [2008.06.12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe PRC - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe PRC - [2008.03.30 19:09:01 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Diana\AppData\Local\Temp\RtkBtMnt.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.10.22 11:34:20 | 000,421,888 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Common Files\Marmiko Shared\MInfraIS\MInfraIS.exe PRC - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.07.06 04:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.11 13:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe PRC - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (SafeList) ========== MOD - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.02.19 22:57:20 | 000,164,097 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService) SRV - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe -- (AntiVirScheduler) SRV - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe -- (AntiVirService) SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE -- (antivirwebservice) SRV - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.08.27 13:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2009.09.02 10:27:38 | 000,551,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM) DRV - [2009.09.01 14:29:06 | 000,579,840 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA) DRV - [2009.05.28 07:07:46 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.28 07:07:41 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgntflt.sys -- (avgntflt) DRV - [2009.05.28 07:07:39 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgio.sys -- (avgio) DRV - [2009.04.07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2008.12.03 20:12:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.01.19 06:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.01.19 06:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.11.05 10:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.08.02 15:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.07.28 10:18:40 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2007.07.18 12:32:40 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.07.16 10:01:32 | 001,062,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.06.18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.06.14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.05.17 02:05:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.05.17 01:46:50 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.05.17 01:46:36 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007.05.17 01:46:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007.05.17 01:46:20 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007.05.16 13:47:44 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2007.04.25 15:34:44 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2007.04.25 15:34:40 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk) DRV - [2007.04.25 15:34:38 | 000,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter) DRV - [2007.03.21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2006.11.02 14:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.01 00:06:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.01 00:06:02 | 000,000,000 | ---D | M] [2009.10.15 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Extensions [2010.12.08 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions [2010.08.08 21:09:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.25 23:30:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.26 19:28:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.13 16:40:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.09 16:32:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.25 23:30:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.11.25 23:29:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.12.01 00:05:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.01 00:05:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.01 00:05:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.01 00:05:53 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.01 00:05:53 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.01 00:09:57 | 000,000,000 | ---D | C] -- C:\_OTL [2010.11.25 23:30:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.11.25 23:30:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.11.25 23:30:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.11.25 22:53:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.11.25 20:32:22 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe [2010.11.22 22:51:07 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.11.21 23:03:59 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Roaming\Malwarebytes [2010.11.21 23:03:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.21 23:03:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.21 23:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.21 23:03:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.21 22:52:33 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.11.21 21:31:07 | 001,943,584 | ---- | C] (Piriform Ltd) -- C:\Users\Diana\Documents\ccsetup3001310_slim.exe [2008.01.15 02:59:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.01.15 02:59:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007.07.28 18:02:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.07.28 10:24:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 30 Days ========== [2010.12.12 23:03:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BA47987D-4990-4288-ADB6-D5BC009E5E6A}.job [2010.12.12 22:52:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.12 22:52:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.12 20:59:47 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.12 20:59:47 | 000,602,188 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.12 20:59:47 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.12 20:59:47 | 000,105,624 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.12 20:52:31 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.12.12 20:52:02 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2010.12.12 20:47:40 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.12.10 23:26:49 | 000,002,523 | ---- | M] () -- C:\Users\Diana\Desktop\HiJackThis.lnk [2010.12.02 20:28:31 | 000,181,248 | ---- | M] () -- C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.30 23:48:14 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010.11.30 23:27:56 | 000,052,976 | ---- | M] () -- C:\Users\Diana\Documents\cc_20101130_232613.reg [2010.11.25 23:29:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.11.25 23:29:33 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.11.25 23:29:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.11.25 23:29:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe [2010.11.21 23:03:53 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.21 22:52:38 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.11.21 21:31:12 | 001,943,584 | ---- | M] (Piriform Ltd) -- C:\Users\Diana\Documents\ccsetup3001310_slim.exe [2010.11.17 22:58:33 | 000,591,602 | ---- | M] () -- C:\Users\Diana\Documents\QuickSteuer_2010_Dasi.zip [2010.11.14 14:32:31 | 000,012,321 | ---- | M] () -- C:\Users\Diana\Documents\Gitarre Tabs.docx ========== Files Created - No Company Name ========== [2010.11.30 23:48:14 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010.11.30 23:26:16 | 000,052,976 | ---- | C] () -- C:\Users\Diana\Documents\cc_20101130_232613.reg [2010.11.22 22:51:07 | 000,002,523 | ---- | C] () -- C:\Users\Diana\Desktop\HiJackThis.lnk [2010.11.21 23:03:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.21 22:52:38 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.11.17 22:58:27 | 000,591,602 | ---- | C] () -- C:\Users\Diana\Documents\QuickSteuer_2010_Dasi.zip [2010.11.14 14:32:31 | 000,012,321 | ---- | C] () -- C:\Users\Diana\Documents\Gitarre Tabs.docx [2010.11.13 14:24:32 | 002,717,134 | ---- | C] () -- C:\Users\Diana\Desktop\mama 127.JPG [2010.10.23 17:04:18 | 000,001,336 | ---- | C] () -- C:\Windows\TVEpaDrv.ini [2010.05.13 17:01:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.05.13 17:01:11 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.02.25 21:54:19 | 000,000,000 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\downloads.m3u [2009.10.15 22:37:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.22 20:43:05 | 000,000,009 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\mdb.bin [2009.07.28 21:03:11 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.05.01 19:08:42 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.05.01 19:08:35 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.31 18:02:27 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.03.30 21:13:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.01.08 22:55:17 | 000,000,120 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\default.rss [2009.01.02 18:56:45 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2008.06.09 18:11:54 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2008.04.06 22:59:25 | 000,000,398 | ---- | C] () -- C:\Windows\GTKassenbuch.INI [2008.04.06 21:13:27 | 000,001,197 | ---- | C] () -- C:\Windows\WISO.INI [2008.04.06 21:05:47 | 000,000,240 | ---- | C] () -- C:\Windows\BUHL.INI [2008.03.30 19:50:28 | 000,181,248 | ---- | C] () -- C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.30 17:25:26 | 000,000,106 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\wklnhst.dat [2008.03.30 02:56:20 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.001 [2008.03.30 02:53:29 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.30 02:15:41 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.dat [2008.03.30 00:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008.03.30 00:30:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL [2008.03.29 23:00:54 | 000,000,093 | ---- | C] () -- C:\Users\Diana\AppData\Local\fusioncache.dat [2008.01.15 10:33:08 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI [2008.01.15 10:33:07 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.01.15 02:59:59 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2008.01.15 02:59:59 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini [2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.07.28 20:54:24 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.07.28 18:02:42 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.07.28 18:02:42 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007.07.28 10:38:36 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.07.28 10:38:36 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.07.28 10:37:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.07.28 10:24:52 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.07.28 09:35:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.07.28 09:32:12 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.04.25 15:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 15:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 15:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 15:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 15:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 15:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.10.10 07:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2001.10.10 07:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2001.03.07 07:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll < End of report > |
|
12.12.2010, 23:14
| #18 |
| | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 12.12.2010 22:59:41 - Run 4 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Diana\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18975) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 65,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 27,92 Gb Free Space | 40,02% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 52,81 Gb Free Space | 75,98% Space Free | Partition Type: NTFS Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe PRC - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe PRC - [2008.08.20 06:02:58 | 000,009,408 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskpython.exe PRC - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe PRC - [2008.06.12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe PRC - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe PRC - [2008.03.30 19:09:01 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Diana\AppData\Local\Temp\RtkBtMnt.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2008.01.19 08:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.19 08:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2007.10.22 11:34:20 | 000,421,888 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Common Files\Marmiko Shared\MInfraIS\MInfraIS.exe PRC - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.07.06 04:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.11 13:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe PRC - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (SafeList) ========== MOD - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.02.19 22:57:20 | 000,164,097 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService) SRV - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe -- (AntiVirScheduler) SRV - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe -- (AntiVirService) SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE -- (antivirwebservice) SRV - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.08.27 13:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2009.09.02 10:27:38 | 000,551,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM) DRV - [2009.09.01 14:29:06 | 000,579,840 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA) DRV - [2009.05.28 07:07:46 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.28 07:07:41 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgntflt.sys -- (avgntflt) DRV - [2009.05.28 07:07:39 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgio.sys -- (avgio) DRV - [2009.04.07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2008.12.03 20:12:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.01.19 06:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.01.19 06:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.11.05 10:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.08.02 15:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.07.28 10:18:40 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2007.07.18 12:32:40 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.07.16 10:01:32 | 001,062,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.06.18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.06.14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.05.17 02:05:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.05.17 01:46:50 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.05.17 01:46:36 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007.05.17 01:46:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007.05.17 01:46:20 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007.05.16 13:47:44 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2007.04.25 15:34:44 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2007.04.25 15:34:40 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk) DRV - [2007.04.25 15:34:38 | 000,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter) DRV - [2007.03.21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2006.11.02 14:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.01 00:06:02 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.01 00:06:02 | 000,000,000 | ---D | M] [2009.10.15 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Extensions [2010.12.08 20:41:09 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions [2010.08.08 21:09:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.11.25 23:30:03 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.26 19:28:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.13 16:40:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.09 16:32:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.25 23:30:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.11.25 23:29:36 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.12.01 00:05:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.01 00:05:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.01 00:05:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.01 00:05:53 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.01 00:05:53 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.12.01 00:09:57 | 000,000,000 | ---D | C] -- C:\_OTL [2010.11.25 23:30:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.11.25 23:30:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.11.25 23:30:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.11.25 22:53:23 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.11.25 20:32:22 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe [2010.11.22 22:51:07 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.11.21 23:03:59 | 000,000,000 | ---D | C] -- C:\Users\Diana\AppData\Roaming\Malwarebytes [2010.11.21 23:03:50 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.11.21 23:03:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.11.21 23:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.11.21 23:03:47 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.11.21 22:52:33 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.11.21 21:31:07 | 001,943,584 | ---- | C] (Piriform Ltd) -- C:\Users\Diana\Documents\ccsetup3001310_slim.exe [2008.01.15 02:59:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.01.15 02:59:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007.07.28 18:02:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.07.28 10:24:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll ========== Files - Modified Within 30 Days ========== [2010.12.12 23:03:00 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{BA47987D-4990-4288-ADB6-D5BC009E5E6A}.job [2010.12.12 22:52:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.12.12 22:52:03 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.12.12 20:59:47 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.12.12 20:59:47 | 000,602,188 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.12.12 20:59:47 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.12.12 20:59:47 | 000,105,624 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.12.12 20:52:31 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.12.12 20:52:02 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2010.12.12 20:47:40 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.12.10 23:26:49 | 000,002,523 | ---- | M] () -- C:\Users\Diana\Desktop\HiJackThis.lnk [2010.12.02 20:28:31 | 000,181,248 | ---- | M] () -- C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.11.30 23:48:14 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010.11.30 23:27:56 | 000,052,976 | ---- | M] () -- C:\Users\Diana\Documents\cc_20101130_232613.reg [2010.11.25 23:29:33 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2010.11.25 23:29:33 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2010.11.25 23:29:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2010.11.25 23:29:33 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe [2010.11.21 23:03:53 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.21 22:52:38 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.11.21 21:31:12 | 001,943,584 | ---- | M] (Piriform Ltd) -- C:\Users\Diana\Documents\ccsetup3001310_slim.exe [2010.11.17 22:58:33 | 000,591,602 | ---- | M] () -- C:\Users\Diana\Documents\QuickSteuer_2010_Dasi.zip [2010.11.14 14:32:31 | 000,012,321 | ---- | M] () -- C:\Users\Diana\Documents\Gitarre Tabs.docx ========== Files Created - No Company Name ========== [2010.11.30 23:48:14 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010.11.30 23:26:16 | 000,052,976 | ---- | C] () -- C:\Users\Diana\Documents\cc_20101130_232613.reg [2010.11.22 22:51:07 | 000,002,523 | ---- | C] () -- C:\Users\Diana\Desktop\HiJackThis.lnk [2010.11.21 23:03:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.21 22:52:38 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2010.11.17 22:58:27 | 000,591,602 | ---- | C] () -- C:\Users\Diana\Documents\QuickSteuer_2010_Dasi.zip [2010.11.14 14:32:31 | 000,012,321 | ---- | C] () -- C:\Users\Diana\Documents\Gitarre Tabs.docx [2010.11.13 14:24:32 | 002,717,134 | ---- | C] () -- C:\Users\Diana\Desktop\mama 127.JPG [2010.10.23 17:04:18 | 000,001,336 | ---- | C] () -- C:\Windows\TVEpaDrv.ini [2010.05.13 17:01:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.05.13 17:01:11 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.02.25 21:54:19 | 000,000,000 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\downloads.m3u [2009.10.15 22:37:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.22 20:43:05 | 000,000,009 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\mdb.bin [2009.07.28 21:03:11 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.05.01 19:08:42 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.05.01 19:08:35 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.31 18:02:27 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.03.30 21:13:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.01.08 22:55:17 | 000,000,120 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\default.rss [2009.01.02 18:56:45 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2008.06.09 18:11:54 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2008.04.06 22:59:25 | 000,000,398 | ---- | C] () -- C:\Windows\GTKassenbuch.INI [2008.04.06 21:13:27 | 000,001,197 | ---- | C] () -- C:\Windows\WISO.INI [2008.04.06 21:05:47 | 000,000,240 | ---- | C] () -- C:\Windows\BUHL.INI [2008.03.30 19:50:28 | 000,181,248 | ---- | C] () -- C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.30 17:25:26 | 000,000,106 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\wklnhst.dat [2008.03.30 02:56:20 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.001 [2008.03.30 02:53:29 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.30 02:15:41 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.dat [2008.03.30 00:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008.03.30 00:30:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL [2008.03.29 23:00:54 | 000,000,093 | ---- | C] () -- C:\Users\Diana\AppData\Local\fusioncache.dat [2008.01.15 10:33:08 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI [2008.01.15 10:33:07 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.01.15 02:59:59 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2008.01.15 02:59:59 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini [2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.07.28 20:54:24 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.07.28 18:02:42 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.07.28 18:02:42 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007.07.28 10:38:36 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.07.28 10:38:36 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.07.28 10:37:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.07.28 10:24:52 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.07.28 09:35:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.07.28 09:32:12 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.04.25 15:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 15:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 15:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 15:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 15:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 15:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.10.10 07:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2001.10.10 07:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2001.03.07 07:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll < End of report > |
|
12.12.2010, 23:45
| #19 |
| /// Helfer-Team  | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner Ich kann mir deine Logs erst morgen Abend durchgucken, aber damit ich dich richtig verstehe; Das Problem mit dem Internet ist zwischenzeitlich wieder genauso vorhanden wie zu Beginn dieses Threads (trotz deaktiviertem Zonealarm)?
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte!  |
|
14.12.2010, 21:52
| #20 |
| | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner Hallo rea, ja so ist es. Sofern ich auf irgendeine Seite möchte oder gar eine Bestellung durchlaufen will, könnte ich wahrscheinlich eher hinfahren. Meistens bleib t der Balken stehen oder läuft in Zeitlupe. Es ist ein Graus.  ( |
|
14.12.2010, 21:52
| #21 |
| | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner Hallo rea, ja so ist es. Sofern ich auf irgendeine Seite möchte oder gar eine Bestellung durchlaufen will, könnte ich wahrscheinlich eher hinfahren. Meistens bleib t der Balken stehen oder läuft in Zeitlupe. Es ist ein Graus. ( |
|
15.12.2010, 17:50
| #22 |
| /// Helfer-Team | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner Dann schauen wir weiter nach Malware. Du solltest im Moment übrigens besser keine Geldgeschäfte, bzw. Onlinebanking mit diesem Rechner unternehmen! Wir wissen bis jetzt noch nicht, was da bei dir los ist und es kann natürlich sein, dass da etwas dich ausspioniert. Du solltest ja eh noch den Malwarebytesscan wiederholen: Bitte vor dem Suchlauf das Programm über den Reiter Aktualisierung auf den allerneuesten Stand bringen und dann einen Vollständigen Suchlauf (nicht den Quickscan) durchführen. Poste mir das Log, auch wenn keine Funde gemacht werden. Außerdem bitte dann auch noch ein Onlinescan mit Eset durchführen: Eset Online Scanner (NOD32)
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
28.12.2010, 12:39
| #23 |
| /// Helfer-Team | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner Hallo diana68, gehts hier noch weiter? Ansonsten lösche ich diesen Thread in einer Woche aus meinen Abos.
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
20.01.2011, 21:15
| #24 |
| | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner hallo rea, sorry, hoffe der thread ist noch nicht gelöscht. hatte keine antworten mehr und dachte es gibt nichts mehr was man tun kann. gruß diana |
|
20.01.2011, 21:37
| #25 | |
| /// Helfer-Team | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder TrojanerZitat:
 Oben beschreibst du noch deine vorhandenen Probleme und ich hab dir daraufhin sogar noch zwei Anleitungen zu Malwarebytes und den Eset-Onlinescan gegeben, die jetzt immer noch offen sind... Schau nochmal ganz genau hin. Hat sich denn in der Zwischenzeit das Problem erledigt?
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
21.01.2011, 00:13
| #26 |
| | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner Hallo Rea, irgendwie habe ich diese Anleitung garnicht gelesen. Ich habe immer auf eine Mail gewartet, dann wusste ich, dass du mir geantwortet hast. Habe aber keine mehr bekommen. ( Nein, das Problem hat sich leider nicht erledigt. Habe nun diesen Eset-Scan durchgeführt, so fette 2,5 h. Hier der Logfile. Hoffe das ist alles richtig gemacht.  Den Malwarescan mache ich dann heute Abend, bin jetzt zu müde. Vielen, vielen D a n k !!!!!!!! ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6419 # api_version=3.0.2 # EOSSerial=65d108c7267ee348a79ce16bbe1f6974 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-01-20 10:50:06 # local_time=2011-01-20 11:50:06 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.0.6001 NT Service Pack 1 # compatibility_mode=1795 16775165 100 100 88390 173686502 84755 0 # compatibility_mode=5892 16776573 100 100 182041 133088223 0 0 # compatibility_mode=8192 67108863 100 0 3726 3726 0 0 # scanned=171463 # found=0 # cleaned=0 # scan_time=8310 |
|
21.01.2011, 01:02
| #27 |
| /// Helfer-Team | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner Manchmal lohnt es sich ja schon, einen Blick in den Thread zu werfen  und grundsätzlich brauch ich auch keine vier Wochen um die nächsten Schritte zu posten.Egal, ich les hier grad die ganze Zeit nur was von deaktiviertem Zonealarm. Ist Zonealarm noch auf dem Rechner? Wenn ja deinstalliere das, damit es komplett von dem Rechner runter ist. Arbeite dann nach der langen Zeit auch noch folgende Anleitung ab und achte diesmal bitte unbedingt darauf, dass OTL dir zwei Logfiles erstellen wird, denn ich benötige beide: Erneuter Systemscan mit OTL
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
21.01.2011, 22:47
| #28 |
| | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner Hallo Rea, nun hat alles geklappt. Bin gespannt, was Du daraus erliest. Für mich sind das nur Böhmische Wälder ) Gruß DianaOTL Logfile:Code:
ATTFilter OTL logfile created on: 21.01.2011 22:37:05 - Run 5 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Diana\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 27,98 Gb Free Space | 40,10% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 51,28 Gb Free Space | 73,77% Space Free | Partition Type: NTFS Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe PRC - [2010.09.29 09:46:30 | 000,804,288 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe PRC - [2010.09.29 09:46:30 | 000,111,960 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe PRC - [2010.09.29 09:46:28 | 001,234,360 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.04.14 08:00:32 | 003,923,968 | ---- | M] (Deutsche Telekom AG, Nachrichten - Service - Shopping bei t-online.de) -- C:\Programme\T-Online\T-Online_Software_6\eMail\Mail.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe PRC - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe PRC - [2008.08.20 06:02:58 | 000,009,408 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskpython.exe PRC - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe PRC - [2008.06.12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe PRC - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe PRC - [2008.03.30 19:09:01 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Diana\AppData\Local\Temp\RtkBtMnt.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.10.22 11:34:20 | 000,421,888 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Common Files\Marmiko Shared\MInfraIS\MInfraIS.exe PRC - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.07.06 04:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.11 13:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe PRC - [2007.01.09 14:40:00 | 000,368,640 | ---- | M] (fun communications GmbH, fun communications) -- C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe PRC - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (SafeList) ========== MOD - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.02.19 22:57:20 | 000,164,097 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService) SRV - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe -- (AntiVirScheduler) SRV - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe -- (AntiVirService) SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE -- (antivirwebservice) SRV - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.08.27 13:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2009.09.02 10:27:38 | 000,551,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM) DRV - [2009.09.01 14:29:06 | 000,579,840 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA) DRV - [2009.05.28 07:07:46 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.28 07:07:41 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgntflt.sys -- (avgntflt) DRV - [2009.05.28 07:07:39 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgio.sys -- (avgio) DRV - [2009.04.07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2008.12.03 20:12:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.01.19 06:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.01.19 06:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.11.05 10:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.08.02 15:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.07.28 10:18:40 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2007.07.18 12:32:40 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.07.16 10:01:32 | 001,062,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.06.18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.06.14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.05.17 02:05:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.05.17 01:46:50 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.05.17 01:46:36 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007.05.17 01:46:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007.05.17 01:46:20 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007.05.16 13:47:44 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2007.04.25 15:34:44 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2007.04.25 15:34:40 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk) DRV - [2007.04.25 15:34:38 | 000,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter) DRV - [2007.03.21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2006.11.02 14:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.17 21:37:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.17 21:37:09 | 000,000,000 | ---D | M] [2009.10.15 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Extensions [2011.01.20 21:09:32 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions [2010.08.08 21:09:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.17 23:59:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.26 19:28:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.13 16:40:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.09 16:32:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.25 23:30:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.17 23:59:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.12.01 00:05:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.01 00:05:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.01 00:05:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.01 00:05:53 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.01 00:05:53 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.17 23:59:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.17 23:59:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.17 23:59:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.17 23:58:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.13 21:51:10 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.13 21:51:08 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2010.12.31 12:53:36 | 000,000,000 | ---D | C] -- C:\Users\Diana\Documents\NeroVision [2010.12.29 21:41:52 | 000,000,000 | ---D | C] -- C:\Users\Diana\Desktop\sylvester [2010.12.28 23:17:35 | 000,000,000 | ---D | C] -- C:\Users\Diana\Desktop\Silvester [2010.12.23 12:22:34 | 000,000,000 | ---D | C] -- C:\Users\Diana\Desktop\Michael Jackson - Michael [2008.01.15 02:59:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.01.15 02:59:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007.07.28 18:02:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.07.28 10:24:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.21 21:11:06 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.21 21:11:06 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.21 21:11:06 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.21 21:11:06 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.21 21:03:49 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.01.21 21:03:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 21:03:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 21:03:19 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2011.01.21 00:29:12 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.01.18 00:40:07 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2011.01.18 00:40:07 | 000,000,398 | ---- | M] () -- C:\Windows\GTKassenbuch.INI [2011.01.17 20:04:59 | 000,001,197 | ---- | M] () -- C:\Windows\WISO.INI [2011.01.17 20:04:41 | 000,000,240 | ---- | M] () -- C:\Windows\BUHL.INI [2011.01.13 23:12:06 | 000,006,708 | ---- | M] () -- C:\Users\Diana\Documents\cc_20110113_231150.reg [2010.12.31 00:26:36 | 019,985,265 | ---- | M] () -- C:\Users\Diana\Documents\vlc-1.1.5-win32.exe [2010.12.30 01:08:09 | 000,008,458 | -HS- | M] () -- C:\Users\Diana\Desktop\Folder.jpg [2010.12.30 01:08:09 | 000,008,458 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{08A0038D-C29E-47DF-A500-C040EA2411D7}_Large.jpg [2010.12.30 01:08:09 | 000,002,422 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArtSmall.jpg [2010.12.30 01:08:09 | 000,002,422 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{08A0038D-C29E-47DF-A500-C040EA2411D7}_Small.jpg [2010.12.30 01:06:42 | 000,012,207 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{31166E5B-BCE5-45AA-BDCC-D2AC9603D73D}_Large.jpg [2010.12.30 01:06:40 | 000,003,057 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{31166E5B-BCE5-45AA-BDCC-D2AC9603D73D}_Small.jpg [2010.12.30 00:33:07 | 000,006,123 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{56F2BC76-0ED5-4815-8D28-4387A9302EC5}_Large.jpg [2010.12.30 00:33:07 | 000,001,805 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{56F2BC76-0ED5-4815-8D28-4387A9302EC5}_Small.jpg [2010.12.30 00:33:01 | 000,009,560 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{B19046E2-45DF-47DB-8674-F8AC3BA3A244}_Large.jpg [2010.12.30 00:33:01 | 000,002,558 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{B19046E2-45DF-47DB-8674-F8AC3BA3A244}_Small.jpg [2010.12.28 15:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.13 23:11:53 | 000,006,708 | ---- | C] () -- C:\Users\Diana\Documents\cc_20110113_231150.reg [2010.12.31 00:26:08 | 019,985,265 | ---- | C] () -- C:\Users\Diana\Documents\vlc-1.1.5-win32.exe [2010.12.30 01:08:09 | 000,008,458 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{08A0038D-C29E-47DF-A500-C040EA2411D7}_Large.jpg [2010.12.30 01:08:09 | 000,002,422 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{08A0038D-C29E-47DF-A500-C040EA2411D7}_Small.jpg [2010.12.30 01:06:45 | 000,012,207 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{31166E5B-BCE5-45AA-BDCC-D2AC9603D73D}_Large.jpg [2010.12.30 01:06:45 | 000,003,057 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{31166E5B-BCE5-45AA-BDCC-D2AC9603D73D}_Small.jpg [2010.12.30 00:33:03 | 000,009,560 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{B19046E2-45DF-47DB-8674-F8AC3BA3A244}_Large.jpg [2010.12.30 00:33:03 | 000,002,558 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{B19046E2-45DF-47DB-8674-F8AC3BA3A244}_Small.jpg [2010.12.28 23:22:40 | 000,006,123 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{56F2BC76-0ED5-4815-8D28-4387A9302EC5}_Large.jpg [2010.12.28 23:22:40 | 000,001,805 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{56F2BC76-0ED5-4815-8D28-4387A9302EC5}_Small.jpg [2010.10.23 17:04:18 | 000,001,336 | ---- | C] () -- C:\Windows\TVEpaDrv.ini [2010.05.13 17:01:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.05.13 17:01:11 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.02.25 21:54:19 | 000,000,000 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\downloads.m3u [2009.10.15 22:37:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.22 20:43:05 | 000,000,009 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\mdb.bin [2009.07.28 21:03:11 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.05.01 19:08:42 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.05.01 19:08:35 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.31 18:02:27 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.03.30 21:13:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.01.08 22:55:17 | 000,000,120 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\default.rss [2009.01.02 18:56:45 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2008.06.09 18:11:54 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2008.04.06 22:59:25 | 000,000,398 | ---- | C] () -- C:\Windows\GTKassenbuch.INI [2008.04.06 21:13:27 | 000,001,197 | ---- | C] () -- C:\Windows\WISO.INI [2008.04.06 21:05:47 | 000,000,240 | ---- | C] () -- C:\Windows\BUHL.INI [2008.03.30 19:50:28 | 000,181,248 | ---- | C] () -- C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.30 17:25:26 | 000,000,106 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\wklnhst.dat [2008.03.30 02:56:20 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.001 [2008.03.30 02:53:29 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.30 02:15:41 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.dat [2008.03.30 00:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008.03.30 00:30:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL [2008.03.29 23:00:54 | 000,000,093 | ---- | C] () -- C:\Users\Diana\AppData\Local\fusioncache.dat [2008.01.15 10:33:08 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI [2008.01.15 10:33:07 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.01.15 02:59:59 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2008.01.15 02:59:59 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini [2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.07.28 20:54:24 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.07.28 18:02:42 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.07.28 18:02:42 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007.07.28 10:38:36 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.07.28 10:38:36 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.07.28 10:37:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.07.28 10:24:52 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.07.28 09:35:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.07.28 09:32:12 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.04.25 15:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 15:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 15:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 15:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 15:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 15:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.10.10 07:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2001.10.10 07:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2001.03.07 07:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll ========== LOP Check ========== [2010.05.08 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Amazon [2008.05.26 19:14:33 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Buhl Data Service [2010.10.19 20:26:19 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\GitarreroBeginner [2008.06.20 17:15:20 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\GitarreroMDemo [2008.05.17 13:32:27 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Haufe [2008.03.30 15:08:06 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Lexware [2010.10.23 16:59:01 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\MAGIX [2010.10.23 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\MAGIX USB-Videowandler 2 [2008.08.12 12:08:10 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\OpenOffice.org3 [2010.05.13 17:07:20 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\PC Suite [2010.10.19 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\ProtectDisc [2008.10.16 19:35:37 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\S.A.D [2010.10.17 20:49:31 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Samsung [2010.08.12 20:26:43 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Steganos [2008.03.29 22:57:42 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\T-Online [2008.03.30 17:25:28 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Template [2009.09.23 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\TuneUp Software [2011.01.21 01:01:23 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.12.17 22:22:59 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BA47987D-4990-4288-ADB6-D5BC009E5E6A}.job ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.01.2011 22:37:05 - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Diana\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 27,98 Gb Free Space | 40,10% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 51,28 Gb Free Space | 73,77% Space Free | Partition Type: NTFS
Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe (Deutsche Telekom AG)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0837F1C7-39C3-4747-9436-E9C1E0A5472B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{0DC34BB1-8728-49D1-A443-684A87432A6C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{31D60450-A675-4CA7-9E6A-3F1A4A198FC1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{40C5D945-83AF-42B4-80D5-A21A99DFC7C0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{4EAF1534-AB51-4F1F-B786-A6D65019BC9E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{4EE9CE80-C3D1-46D6-9DEE-852BF8253DD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{84FD71C4-5848-412F-A933-8F00BD1F1426}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D6C8E6CB-00DE-497A-A956-61A13CE05E61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DAFFBEFD-CACC-45C5-A82C-7D5F382D3D72}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{446BB827-D9A7-4BDC-95CA-22CA5216E3AB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{ABD333AC-86BE-4ED9-B1F6-886CED34F64E}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{AEFB2469-56A9-4981-9EEA-EE8DD0DE9B01}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{C3A8681E-770E-4294-9046-F3BBA4ABE175}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{C8EE00CE-7B28-452D-84AC-6CD0ACBF9D18}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{CA443963-A2A1-4479-81F3-D4D714AEB5AD}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{D033DA20-65D1-4A19-80D9-462792854C0E}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{EF6DB405-C6E4-4BCC-9BBC-986FFE4DA449}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{FB01D56B-BCD4-4C80-81E6-8D5DF0566379}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{182726AD-3D90-40CC-8D58-31A9572ED9F7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B9F2C1AF-0F5E-4238-A379-BEA5823DEF6B}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
"UDP Query User{5A41AF34-329B-4B5C-B83C-71B708E7D9D3}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
"UDP Query User{A6A2386F-2188-4D49-8EA0-617778C474C0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D6E1F40-DF2C-4144-9854-605D4E4C9B78}" = WISO Geld-Tipp Kassenbuch
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{52A69DD7-952A-460E-93EA-60F7C29F58AC}" = Steuer Update 14.01
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67BACBCA-5F64-41D8-BE0E-AEEDD70DE781}" = Steuer Update 14.01
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9d0f1fdf-3342-4d6c-8448-4cda0f03a3c3}" = Nero 9
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC42EE05-1F5D-4B92-851A-DBFE81088A0C}" = QuickSteuer 2010
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EF978935-BB39-493F-9CEE-6E536BA7422B}" = QuickSteuer 2008
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AntiVir PersonalEdition Premium" = Avira AntiVir Premium
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"InstallShield_{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video easy RSIV Edition D" = MAGIX Video easy RSIV Edition 1.0.3.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"STANDARD" = Microsoft Office Standard 2007
"TVEpaDrv" = MAGIX USB-Videowandler 2 Device Driver
"VLC media player" = VLC media player 1.0.2
"WORD" = Microsoft Office Word 2007
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.12.2010 16:19:19 | Computer Name = Diana-PC | Source = PerfNet | ID = 2004
Description =
Error - 02.12.2010 16:19:19 | Computer Name = Diana-PC | Source = PerfNet | ID = 2002
Description =
Error - 12.12.2010 15:52:51 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 19.12.2010 15:07:13 | Computer Name = Diana-PC | Source = Application Hang | ID = 1002
Description = Programm BROWSER.EXE, Version 6.11.0.5 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 8c0 Anfangszeit: 01cb9fa806c15854 Zeitpunkt der Beendigung:
47
Error - 19.12.2010 15:25:49 | Computer Name = Diana-PC | Source = Application Hang | ID = 1002
Description = Programm BROWSER.EXE, Version 6.11.0.5 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 12f4 Anfangszeit: 01cb9faff459caa4 Zeitpunkt der Beendigung:
15
Error - 23.12.2010 07:13:54 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 23.12.2010 18:08:09 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 26.12.2010 13:22:49 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 26.12.2010 15:18:04 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 28.12.2010 17:29:23 | Computer Name = Diana-PC | Source = Application Hang | ID = 1002
Description = Programm BROWSER.EXE, Version 6.11.0.5 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: ffc Anfangszeit: 01cba6c331c4a5fd Zeitpunkt der Beendigung:
31
[ OSession Events ]
Error - 06.04.2008 16:27:32 | Computer Name = Diana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 142
seconds with 120 seconds of active time. This session ended with a crash.
Error - 11.04.2008 10:12:18 | Computer Name = Diana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 612
seconds with 540 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 18.01.2011 14:51:13 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description =
Error - 18.01.2011 14:51:37 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.01.2011 15:56:03 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description =
Error - 19.01.2011 15:56:16 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.01.2011 15:56:02 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description =
Error - 20.01.2011 15:56:16 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.01.2011 19:28:57 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description =
Error - 20.01.2011 19:29:13 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21.01.2011 16:03:22 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description =
Error - 21.01.2011 16:03:36 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Datenbank Version: 5566 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18999 21.01.2011 22:27:56 mbam-log-2011-01-21 (22-27-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 288770 Laufzeit: 1 Stunde(n), 22 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
21.01.2011, 22:47
| #29 |
| | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner Hallo Rea, nun hat alles geklappt. Bin gespannt, was Du daraus erliest. Für mich sind das nur Böhmische Wälder ) Gruß DianaOTL Logfile:Code:
ATTFilter OTL logfile created on: 21.01.2011 22:37:05 - Run 5 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Diana\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18999) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free 4,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 69,77 Gb Total Space | 27,98 Gb Free Space | 40,10% Space Free | Partition Type: NTFS Drive D: | 69,52 Gb Total Space | 51,28 Gb Free Space | 73,77% Space Free | Partition Type: NTFS Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe PRC - [2010.09.29 09:46:30 | 000,804,288 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe PRC - [2010.09.29 09:46:30 | 000,111,960 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe PRC - [2010.09.29 09:46:28 | 001,234,360 | ---- | M] (Deutsche Telekom AG) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2009.04.14 08:00:32 | 003,923,968 | ---- | M] (Deutsche Telekom AG, Nachrichten - Service - Shopping bei t-online.de) -- C:\Programme\T-Online\T-Online_Software_6\eMail\Mail.exe PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\sched.exe PRC - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avguard.exe PRC - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskservice.exe PRC - [2008.08.20 06:02:58 | 000,009,408 | ---- | M] () -- C:\Programme\Haufe\iDesk\iDeskService\ideskpython.exe PRC - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avwebgrd.exe PRC - [2008.06.12 13:28:40 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgnt.exe PRC - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avesvc.exe PRC - [2008.03.30 19:09:01 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Diana\AppData\Local\Temp\RtkBtMnt.exe PRC - [2008.01.19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.10.22 11:34:20 | 000,421,888 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Common Files\Marmiko Shared\MInfraIS\MInfraIS.exe PRC - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe PRC - [2007.07.06 04:06:52 | 004,669,440 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe PRC - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe PRC - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe PRC - [2007.06.11 13:54:58 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe PRC - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe PRC - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe PRC - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe PRC - [2007.01.09 14:40:00 | 000,368,640 | ---- | M] (fun communications GmbH, fun communications) -- C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe PRC - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe ========== Modules (SafeList) ========== MOD - [2010.11.25 20:32:26 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Diana\Desktop\OTL.exe MOD - [2010.08.31 16:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService) SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2009.02.19 22:57:20 | 000,164,097 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe -- (AntiVirMailService) SRV - [2008.10.15 13:31:50 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe -- (AntiVirScheduler) SRV - [2008.10.15 13:29:58 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe -- (AntiVirService) SRV - [2008.09.24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008.08.20 06:08:30 | 000,070,336 | ---- | M] () [Auto | Running] -- C:\Program Files\Haufe\iDesk\iDeskService\iDeskService.exe -- (HRService) SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2008.06.12 13:59:46 | 000,258,305 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\AVWEBGRD.EXE -- (antivirwebservice) SRV - [2008.05.09 12:22:40 | 000,041,217 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe -- (AVEService) SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2008.01.19 08:36:49 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2008.01.19 08:36:15 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007.09.14 14:32:46 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService) SRV - [2007.07.03 10:40:10 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService) SRV - [2007.06.28 17:50:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService) SRV - [2007.06.13 15:54:36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service) SRV - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service) SRV - [2007.04.23 08:53:48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService) SRV - [2007.01.26 13:24:42 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService) SRV - [2006.12.14 16:00:00 | 000,544,768 | ---- | M] (Magix AG) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe -- (UPnPService) SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\DRIVERS\UIUSYS.SYS -- (UIUSys) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\pccsmcfd.sys -- (pccsmcfd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive) DRV - [2010.08.27 13:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX) DRV - [2009.09.02 10:27:38 | 000,551,424 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emOEM.sys -- (USB28xxOEM) DRV - [2009.09.01 14:29:06 | 000,579,840 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\emBDA.sys -- (USB28xxBGA) DRV - [2009.05.28 07:07:46 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.05.28 07:07:41 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgntflt.sys -- (avgntflt) DRV - [2009.05.28 07:07:39 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir PersonalEdition Premium\avgio.sys -- (avgio) DRV - [2009.04.07 08:39:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.01.19 19:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ACEDRV11.sys -- (acedrv11) DRV - [2008.12.03 20:12:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008.01.19 06:53:23 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM) DRV - [2008.01.19 06:53:22 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb) DRV - [2007.11.08 18:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2007.11.05 10:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2007.08.02 15:17:26 | 001,749,376 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC) DRV - [2007.07.28 10:18:40 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2007.07.18 12:32:40 | 001,841,312 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2007.07.16 10:01:32 | 001,062,304 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2007.06.18 11:03:32 | 000,737,280 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) DRV - [2007.06.14 03:33:26 | 000,154,624 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007.05.17 02:05:10 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu) DRV - [2007.05.17 01:46:50 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007.05.17 01:46:36 | 000,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV) DRV - [2007.05.17 01:46:26 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf) DRV - [2007.05.17 01:46:20 | 000,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL) DRV - [2007.05.16 13:47:44 | 000,032,256 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\enecir.sys -- (enecir) DRV - [2007.04.25 15:34:44 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ) DRV - [2007.04.25 15:34:40 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk) DRV - [2007.04.25 15:34:38 | 000,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter) DRV - [2007.03.21 21:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp) DRV - [2007.02.24 13:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk) DRV - [2007.01.23 15:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk) DRV - [2006.12.07 18:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15) DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2006.11.02 14:29:36 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr) DRV - [2006.11.02 14:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Running] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO) DRV - [2006.11.02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300) DRV - [2006.11.02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx) DRV - [2006.11.02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor) DRV - [2006.11.02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci) DRV - [2006.11.02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci) DRV - [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV) DRV - [2006.11.02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320) DRV - [2006.11.02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2) DRV - [2006.11.02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid) DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata) DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m) DRV - [2006.11.02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid) DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960) DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp) DRV - [2006.11.02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4) DRV - [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor) DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx) DRV - [2006.11.02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas) DRV - [2006.11.02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI) DRV - [2006.11.02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2) DRV - [2006.11.02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs) DRV - [2006.11.02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc) DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid) DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi) DRV - [2006.11.02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS) DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx) DRV - [2006.11.02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC) DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3) DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x) DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi) DRV - [2006.11.02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas) DRV - [2006.11.02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide) DRV - [2006.11.02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide) DRV - [2006.11.02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide) DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM) DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer) DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp) DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo) DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm) DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm) DRV - [2006.11.02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL) DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi) DRV - [2006.11.02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R) DRV - [2006.09.19 16:47:04 | 000,080,744 | ---- | M] (Wasay) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Yahoo! Deutschland IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.17 21:37:09 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.17 21:37:09 | 000,000,000 | ---D | M] [2009.10.15 21:15:41 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Extensions [2011.01.20 21:09:32 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions [2010.08.08 21:09:12 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Diana\AppData\Roaming\mozilla\Firefox\Profiles\wde6csy0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.01.17 23:59:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.26 19:28:00 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.05.13 16:40:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.09 16:32:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.11.25 23:30:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2011.01.17 23:59:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} [2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.12.01 00:05:53 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.12.01 00:05:53 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.12.01 00:05:53 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.12.01 00:05:53 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.12.01 00:05:53 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll () O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0 O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Resource.dll () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class) O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Diana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.01.17 23:59:40 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2011.01.17 23:59:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2011.01.17 23:59:40 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2011.01.17 23:58:46 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.01.13 21:51:10 | 000,409,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [2011.01.13 21:51:08 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe [2010.12.31 12:53:36 | 000,000,000 | ---D | C] -- C:\Users\Diana\Documents\NeroVision [2010.12.29 21:41:52 | 000,000,000 | ---D | C] -- C:\Users\Diana\Desktop\sylvester [2010.12.28 23:17:35 | 000,000,000 | ---D | C] -- C:\Users\Diana\Desktop\Silvester [2010.12.23 12:22:34 | 000,000,000 | ---D | C] -- C:\Users\Diana\Desktop\Michael Jackson - Michael [2008.01.15 02:59:59 | 000,172,032 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll [2008.01.15 02:59:59 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll [2007.07.28 18:02:42 | 000,045,056 | ---- | C] ( ) -- C:\Windows\PLFSet.dll [2007.07.28 10:24:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.01.21 21:11:06 | 000,638,748 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.01.21 21:11:06 | 000,604,324 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.01.21 21:11:06 | 000,130,668 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.01.21 21:11:06 | 000,107,760 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.01.21 21:03:49 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.001 [2011.01.21 21:03:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 21:03:23 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.01.21 21:03:19 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2011.01.21 00:29:12 | 000,082,139 | ---- | M] () -- C:\ProgramData\nvModes.dat [2011.01.18 00:40:07 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET [2011.01.18 00:40:07 | 000,000,398 | ---- | M] () -- C:\Windows\GTKassenbuch.INI [2011.01.17 20:04:59 | 000,001,197 | ---- | M] () -- C:\Windows\WISO.INI [2011.01.17 20:04:41 | 000,000,240 | ---- | M] () -- C:\Windows\BUHL.INI [2011.01.13 23:12:06 | 000,006,708 | ---- | M] () -- C:\Users\Diana\Documents\cc_20110113_231150.reg [2010.12.31 00:26:36 | 019,985,265 | ---- | M] () -- C:\Users\Diana\Documents\vlc-1.1.5-win32.exe [2010.12.30 01:08:09 | 000,008,458 | -HS- | M] () -- C:\Users\Diana\Desktop\Folder.jpg [2010.12.30 01:08:09 | 000,008,458 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{08A0038D-C29E-47DF-A500-C040EA2411D7}_Large.jpg [2010.12.30 01:08:09 | 000,002,422 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArtSmall.jpg [2010.12.30 01:08:09 | 000,002,422 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{08A0038D-C29E-47DF-A500-C040EA2411D7}_Small.jpg [2010.12.30 01:06:42 | 000,012,207 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{31166E5B-BCE5-45AA-BDCC-D2AC9603D73D}_Large.jpg [2010.12.30 01:06:40 | 000,003,057 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{31166E5B-BCE5-45AA-BDCC-D2AC9603D73D}_Small.jpg [2010.12.30 00:33:07 | 000,006,123 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{56F2BC76-0ED5-4815-8D28-4387A9302EC5}_Large.jpg [2010.12.30 00:33:07 | 000,001,805 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{56F2BC76-0ED5-4815-8D28-4387A9302EC5}_Small.jpg [2010.12.30 00:33:01 | 000,009,560 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{B19046E2-45DF-47DB-8674-F8AC3BA3A244}_Large.jpg [2010.12.30 00:33:01 | 000,002,558 | -HS- | M] () -- C:\Users\Diana\Desktop\AlbumArt_{B19046E2-45DF-47DB-8674-F8AC3BA3A244}_Small.jpg [2010.12.28 15:57:35 | 000,409,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.01.13 23:11:53 | 000,006,708 | ---- | C] () -- C:\Users\Diana\Documents\cc_20110113_231150.reg [2010.12.31 00:26:08 | 019,985,265 | ---- | C] () -- C:\Users\Diana\Documents\vlc-1.1.5-win32.exe [2010.12.30 01:08:09 | 000,008,458 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{08A0038D-C29E-47DF-A500-C040EA2411D7}_Large.jpg [2010.12.30 01:08:09 | 000,002,422 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{08A0038D-C29E-47DF-A500-C040EA2411D7}_Small.jpg [2010.12.30 01:06:45 | 000,012,207 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{31166E5B-BCE5-45AA-BDCC-D2AC9603D73D}_Large.jpg [2010.12.30 01:06:45 | 000,003,057 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{31166E5B-BCE5-45AA-BDCC-D2AC9603D73D}_Small.jpg [2010.12.30 00:33:03 | 000,009,560 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{B19046E2-45DF-47DB-8674-F8AC3BA3A244}_Large.jpg [2010.12.30 00:33:03 | 000,002,558 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{B19046E2-45DF-47DB-8674-F8AC3BA3A244}_Small.jpg [2010.12.28 23:22:40 | 000,006,123 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{56F2BC76-0ED5-4815-8D28-4387A9302EC5}_Large.jpg [2010.12.28 23:22:40 | 000,001,805 | -HS- | C] () -- C:\Users\Diana\Desktop\AlbumArt_{56F2BC76-0ED5-4815-8D28-4387A9302EC5}_Small.jpg [2010.10.23 17:04:18 | 000,001,336 | ---- | C] () -- C:\Windows\TVEpaDrv.ini [2010.05.13 17:01:11 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2010.05.13 17:01:11 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2010.02.25 21:54:19 | 000,000,000 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\downloads.m3u [2009.10.15 22:37:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.09.22 20:43:05 | 000,000,009 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\mdb.bin [2009.07.28 21:03:11 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI [2009.05.01 19:08:42 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009.05.01 19:08:35 | 000,082,139 | ---- | C] () -- C:\ProgramData\nvModes.dat [2009.03.31 18:02:27 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll [2009.03.30 21:13:04 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini [2009.01.08 22:55:17 | 000,000,120 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\default.rss [2009.01.02 18:56:45 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2008.06.09 18:11:54 | 001,868,868 | ---- | C] () -- C:\Windows\System32\RSA32_16.DLL [2008.04.06 22:59:25 | 000,000,398 | ---- | C] () -- C:\Windows\GTKassenbuch.INI [2008.04.06 21:13:27 | 000,001,197 | ---- | C] () -- C:\Windows\WISO.INI [2008.04.06 21:05:47 | 000,000,240 | ---- | C] () -- C:\Windows\BUHL.INI [2008.03.30 19:50:28 | 000,181,248 | ---- | C] () -- C:\Users\Diana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.03.30 17:25:26 | 000,000,106 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\wklnhst.dat [2008.03.30 02:56:20 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.001 [2008.03.30 02:53:29 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html [2008.03.30 02:15:41 | 000,080,675 | ---- | C] () -- C:\Users\Diana\AppData\Roaming\nvModes.dat [2008.03.30 00:33:02 | 000,000,000 | ---- | C] () -- C:\Windows\OpPrintServer.INI [2008.03.30 00:30:25 | 000,007,680 | ---- | C] () -- C:\Windows\System32\CNMVS61.DLL [2008.03.29 23:00:54 | 000,000,093 | ---- | C] () -- C:\Users\Diana\AppData\Local\fusioncache.dat [2008.01.15 10:33:08 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI [2008.01.15 10:33:07 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI [2008.01.15 02:59:59 | 001,749,376 | ---- | C] () -- C:\Windows\System32\snp2uvc.sys [2008.01.15 02:59:59 | 000,028,032 | ---- | C] () -- C:\Windows\System32\sncduvc.sys [2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\System32\PidList.ini [2008.01.15 02:59:59 | 000,000,131 | ---- | C] () -- C:\Windows\PidList.ini [2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2007.07.28 20:54:24 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll [2007.07.28 18:02:42 | 001,749,376 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2007.07.28 18:02:42 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2007.07.28 10:38:36 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2007.07.28 10:38:36 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2007.07.28 10:37:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll [2007.07.28 10:24:52 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2007.07.28 09:35:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll [2007.07.28 09:32:12 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2007.04.25 15:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll [2007.04.25 15:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll [2007.04.25 15:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll [2007.04.25 15:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll [2007.04.25 15:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll [2007.04.25 15:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll [2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.04.21 10:08:22 | 000,253,952 | ---- | C] () -- C:\Windows\System32\HtmlHelp.dll [2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll [2001.10.10 07:57:58 | 000,073,786 | ---- | C] () -- C:\Windows\System32\dntvmc23.dll [2001.10.10 07:57:58 | 000,061,497 | ---- | C] () -- C:\Windows\System32\dntvm23.dll [2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll [2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll [2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll [2001.03.07 07:02:30 | 000,229,431 | ---- | C] () -- C:\Windows\System32\dnt23.dll ========== LOP Check ========== [2010.05.08 23:08:36 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Amazon [2008.05.26 19:14:33 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Buhl Data Service [2010.10.19 20:26:19 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\GitarreroBeginner [2008.06.20 17:15:20 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\GitarreroMDemo [2008.05.17 13:32:27 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Haufe [2008.03.30 15:08:06 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Lexware [2010.10.23 16:59:01 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\MAGIX [2010.10.23 17:02:29 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\MAGIX USB-Videowandler 2 [2008.08.12 12:08:10 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\OpenOffice.org3 [2010.05.13 17:07:20 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\PC Suite [2010.10.19 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\ProtectDisc [2008.10.16 19:35:37 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\S.A.D [2010.10.17 20:49:31 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Samsung [2010.08.12 20:26:43 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Steganos [2008.03.29 22:57:42 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\T-Online [2008.03.30 17:25:28 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\Template [2009.09.23 21:48:20 | 000,000,000 | ---D | M] -- C:\Users\Diana\AppData\Roaming\TuneUp Software [2011.01.21 01:01:23 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2010.12.17 22:22:59 | 000,000,426 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{BA47987D-4990-4288-ADB6-D5BC009E5E6A}.job ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 21.01.2011 22:37:05 - Run 5
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Diana\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 46,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 65,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 27,98 Gb Free Space | 40,10% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 51,28 Gb Free Space | 73,77% Space Free | Partition Type: NTFS
Computer Name: DIANA-PC | User Name: Diana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe (Deutsche Telekom AG)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
htmlfile [opennew] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0837F1C7-39C3-4747-9436-E9C1E0A5472B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{0DC34BB1-8728-49D1-A443-684A87432A6C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe |
"{31D60450-A675-4CA7-9E6A-3F1A4A198FC1}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{40C5D945-83AF-42B4-80D5-A21A99DFC7C0}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe |
"{4EAF1534-AB51-4F1F-B786-A6D65019BC9E}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe |
"{4EE9CE80-C3D1-46D6-9DEE-852BF8253DD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{84FD71C4-5848-412F-A933-8F00BD1F1426}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{D6C8E6CB-00DE-497A-A956-61A13CE05E61}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{DAFFBEFD-CACC-45C5-A82C-7D5F382D3D72}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{446BB827-D9A7-4BDC-95CA-22CA5216E3AB}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe |
"{ABD333AC-86BE-4ED9-B1F6-886CED34F64E}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe |
"{AEFB2469-56A9-4981-9EEA-EE8DD0DE9B01}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe |
"{C3A8681E-770E-4294-9046-F3BBA4ABE175}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe |
"{C8EE00CE-7B28-452D-84AC-6CD0ACBF9D18}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe |
"{CA443963-A2A1-4479-81F3-D4D714AEB5AD}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{D033DA20-65D1-4A19-80D9-462792854C0E}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{EF6DB405-C6E4-4BCC-9BBC-986FFE4DA449}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{FB01D56B-BCD4-4C80-81E6-8D5DF0566379}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{182726AD-3D90-40CC-8D58-31A9572ED9F7}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{B9F2C1AF-0F5E-4238-A379-BEA5823DEF6B}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=6 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
"UDP Query User{5A41AF34-329B-4B5C-B83C-71B708E7D9D3}C:\program files\t-online\t-online_software_6\browser\browser.exe" = protocol=17 | dir=in | app=c:\program files\t-online\t-online_software_6\browser\browser.exe |
"UDP Query User{A6A2386F-2188-4D49-8EA0-617778C474C0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{1122AAC4-AAAA-43BF-B2D4-3C8C12378952}" = Nero InfoTool
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{12345674-DE9A-677A-CCEE-666356D89777}" = Nero BurnRights
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2D6E1F40-DF2C-4144-9854-605D4E4C9B78}" = WISO Geld-Tipp Kassenbuch
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Acer Crystal Eye Webcam Video Class Camera
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{52A69DD7-952A-460E-93EA-60F7C29F58AC}" = Steuer Update 14.01
"{53480870-02D8-48FB-BC27-72C956885168}" = O&O MediaRecovery
"{548F99E0-14CC-4D53-A7D6-4A62A5F2C748}" = Nero PhotoSnap
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5A62A775-A29A-4CE1-BBC2-4A9CD0B211EF}" = Nero Live Help
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C42EAB8-54F9-423A-948C-1CBEF25F8DB4}" = Nero PhotoSnap Help
"{5C9BB0B3-E830-4814-BBA4-D93535E1C7B9}" = Nero Live
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67BACBCA-5F64-41D8-BE0E-AEEDD70DE781}" = Steuer Update 14.01
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75321954-2589-11DC-DDCC-E98356D81493}" = Nero DriveSpeed
"{753973C4-B961-43BF-B2D4-3C8C92F7216E}" = Nero DriveSpeed
"{78523651-D8B1-11DC-CCEE-741589645873}" = Nero DiscSpeed
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{8C654BD0-1949-43DE-84F2-EC2A1ABB0CB4}" = Nero ShowTime
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{948FFAAE-C57F-447B-9B07-3721E950BFDC}" = Nero ShowTime
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9d0f1fdf-3342-4d6c-8448-4cda0f03a3c3}" = Nero 9
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = Acer Crystal Eye webcam
"{AAA12554-2589-11DC-92EF-E98356D81493}" = Nero InfoTool
"{AABBCC54-D8B1-11DC-92EF-E98356D81493}" = Nero DiscSpeed
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC42EE05-1F5D-4B92-851A-DBFE81088A0C}" = QuickSteuer 2010
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B5761811-28F3-4257-B537-815C5EEF472C}" = Vodafone Mobile Connect Lite
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D5C8E140-6E6F-11DD-9AA9-0050560400B1}" = Haufe iDesk-Service
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{EA9FFE54-D8B1-11DC-92EF-E98356D81493}" = Nero BurnRights
"{EF978935-BB39-493F-9CEE-6E536BA7422B}" = QuickSteuer 2008
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F48AAE0F-52F4-11DD-B1F7-0050560400B1}" = Haufe iDesk-Browser
"{F53F6769-AC46-49E3-ABE3-2C8AFD39D0DD}" = Nero Vision
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"AntiVir PersonalEdition Premium" = Avira AntiVir Premium
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CCleaner" = CCleaner
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"InstallShield_{46F57104-8342-4455-B6F2-0203D8CC8AA5}" = MAGIX USB-Videowandler 2
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
"MAGIX Fotos auf CD & DVD 8 D" = MAGIX Fotos auf CD & DVD 8 8.0.1.11 (D)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX Video easy RSIV Edition D" = MAGIX Video easy RSIV Edition 1.0.3.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"STANDARD" = Microsoft Office Standard 2007
"TVEpaDrv" = MAGIX USB-Videowandler 2 Device Driver
"VLC media player" = VLC media player 1.0.2
"WORD" = Microsoft Office Word 2007
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 02.12.2010 16:19:19 | Computer Name = Diana-PC | Source = PerfNet | ID = 2004
Description =
Error - 02.12.2010 16:19:19 | Computer Name = Diana-PC | Source = PerfNet | ID = 2002
Description =
Error - 12.12.2010 15:52:51 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 19.12.2010 15:07:13 | Computer Name = Diana-PC | Source = Application Hang | ID = 1002
Description = Programm BROWSER.EXE, Version 6.11.0.5 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 8c0 Anfangszeit: 01cb9fa806c15854 Zeitpunkt der Beendigung:
47
Error - 19.12.2010 15:25:49 | Computer Name = Diana-PC | Source = Application Hang | ID = 1002
Description = Programm BROWSER.EXE, Version 6.11.0.5 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 12f4 Anfangszeit: 01cb9faff459caa4 Zeitpunkt der Beendigung:
15
Error - 23.12.2010 07:13:54 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 23.12.2010 18:08:09 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 26.12.2010 13:22:49 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 26.12.2010 15:18:04 | Computer Name = Diana-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
Error - 28.12.2010 17:29:23 | Computer Name = Diana-PC | Source = Application Hang | ID = 1002
Description = Programm BROWSER.EXE, Version 6.11.0.5 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: ffc Anfangszeit: 01cba6c331c4a5fd Zeitpunkt der Beendigung:
31
[ OSession Events ]
Error - 06.04.2008 16:27:32 | Computer Name = Diana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 142
seconds with 120 seconds of active time. This session ended with a crash.
Error - 11.04.2008 10:12:18 | Computer Name = Diana-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 612
seconds with 540 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 18.01.2011 14:51:13 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description =
Error - 18.01.2011 14:51:37 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 19.01.2011 15:56:03 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description =
Error - 19.01.2011 15:56:16 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.01.2011 15:56:02 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description =
Error - 20.01.2011 15:56:16 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 20.01.2011 19:28:57 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description =
Error - 20.01.2011 19:29:13 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 21.01.2011 16:03:22 | Computer Name = Diana-PC | Source = HTTP | ID = 15016
Description =
Error - 21.01.2011 16:03:36 | Computer Name = Diana-PC | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Malwarebytes' Anti-Malware 1.50.1.1100 Malwarebytes Datenbank Version: 5566 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18999 21.01.2011 22:27:56 mbam-log-2011-01-21 (22-27-56).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Durchsuchte Objekte: 288770 Laufzeit: 1 Stunde(n), 22 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: (Keine bösartigen Objekte gefunden) |
|
22.01.2011, 03:58
| #30 | |
| /// Helfer-Team | Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner Du kannst noch folgendes deinstallieren: Skype Toolbars Achte bitte darauf, dass ich dir zwischendurch auch Fragen stelle, die du beantworten musst, sonst muss ich bald anfangen zu raten Tritt dieses Internetproblem denn bei verschiedenen Browsern auf oder nur bei einem bestimmten? Du schreibst meist nur von dem T-Online Browser, hast du auch mal Mozilla Firefox versucht oder den Internet Explorer? Irgendwann war mal TuneUp auf deinem System installiert, hast du damit eine Optimierung durchgeführt und ist das schon länger her? Du hast in deinem ersten Post hier geschrieben: Zitat:
__________________ mfg, rea *Auch du brauchst Hilfe bei einem Malwareproblem?* *TB-Spendenkonto* Hier könnte ein schlauer Spruch stehen. Naja .... könnte! |
|
| Themen zu Internet langsam, Seitenaufbau im Schneckentempo, Verdacht auf Virus oder Trojaner |
| adobe, antivir, avg, avira, avira antivir premium, bho, canon, defender, helper, hijackthis, hkus\s-1-5-18, internet, internet explorer, internet langsam, langsam, monitor, object, plug-in, pop-up-blocker, problem, rundll, server, software, symantec, system, trojane, trojaner, verdacht auf virus, viren, virus, vista, wenig ahnung, windows |
Linear-Darstellung
