Naranjito | 25.09.2012 00:39 | Computer is going haywire
Hello first of all,
For some time now I have been having serious problems with my computer, an Asus 1000h netbook.
I have already run a number of online virus checks, but so far nothing has improved. After installing and running TuneUp Utilities the computer initially worked again, but since today it has started again, worse than before. Various symptoms occur, and the computer can hardly be used at all:
- the open Firefox window keeps trying to reload, and the content flickers
- the same happens with open Windows Explorer windows
- the left mouse button (touchpad) locks up and nothing can be clicked. However, it is not the touchpad itself; as long as you are not logged in, it works
- the computer does not shut down but goes into standby mode after the power-off button has been pressed
- the computer always starts in the BIOS; the operating system can only be selected if the Return key is held down
- desktop icons flicker, especially when starting and closing Firefox; on restart the icons on the desktop are moved
I have created the following log files:
OTL Logfile:
OTL logfile created on: 24.09.2012 21:19:51 - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Dokumente und Einstellungen\Naranjito\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015,17 Mb Total Physical Memory | 454,33 Mb Available Physical Memory | 44,75% Memory free
2,39 Gb Paging File | 1,92 Gb Available in Paging File | 80,52% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,06 Gb Total Space | 53,07 Gb Free Space | 73,65% Space Free | Partition Type: NTFS
Drive D: | 72,06 Gb Total Space | 22,05 Gb Free Space | 30,60% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 390,83 Gb Free Space | 83,91% Space Free | Partition Type: NTFS
Computer Name: DEEPTHOUGHT | User Name: Naranjito | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.09.24 19:09:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Naranjito\Eigene Dateien\Downloads\OTL.exe
PRC - [2012.09.14 14:32:52 | 001,869,152 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
PRC - [2012.09.14 14:32:52 | 001,699,168 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
PRC - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgidsagent.exe
PRC - [2012.07.31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgtray.exe
PRC - [2012.07.26 03:23:08 | 000,758,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgrsx.exe
PRC - [2012.07.09 18:57:09 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
PRC - [2012.07.09 18:57:02 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
PRC - [2012.06.13 03:48:24 | 001,255,544 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgnsx.exe
PRC - [2012.03.19 05:18:12 | 000,979,840 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgemcx.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe
PRC - [2012.02.14 04:52:38 | 000,338,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2012\avgcsrvx.exe
PRC - [2012.01.03 09:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe
PRC - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2010.02.18 12:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe
PRC - [2010.02.18 12:43:18 | 000,248,040 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.23 09:49:53 | 000,416,768 | R--- | M] (ELANTECH Devices Corp.) -- C:\Programme\Elantech\ETDCtrl.exe
PRC - [2008.12.17 20:59:50 | 000,622,592 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsAcpiSvr.exe
PRC - [2008.12.04 14:38:06 | 000,114,688 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsTray.exe
PRC - [2008.05.21 02:56:24 | 000,094,208 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\EeePC\ACPI\AsEPCMon.exe
PRC - [2008.04.14 08:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.09 18:57:12 | 000,132,704 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll
MOD - [2012.07.09 18:57:09 | 000,935,008 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
MOD - [2012.07.09 18:57:02 | 001,107,552 | ---- | M] () -- C:\Programme\AVG Secure Search\vprot.exe
MOD - [2010.11.10 13:49:38 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe
MOD - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
MOD - [2008.09.02 08:25:26 | 002,854,912 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll
========== Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012.09.18 16:30:01 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.14 14:32:52 | 001,699,168 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.09.14 14:32:50 | 000,029,536 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.07.09 18:57:09 | 000,935,008 | ---- | M] () [Auto | Running] -- C:\Programme\Gemeinsame Dateien\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe -- (vToolbarUpdater11.2.0)
SRV - [2012.06.22 02:24:13 | 000,040,960 | ---- | M] () [Disabled | Stopped] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\OCS\SM\SearchAnonymizerHelper.exe -- (SearchAnonymizer)
SRV - [2012.04.12 21:34:58 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012.02.27 00:15:42 | 000,055,144 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010.08.19 10:52:04 | 000,229,376 | ---- | M] () [Auto | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService\DCService.exe -- (DCService.exe)
SRV - [2010.03.04 23:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\iPodDrv.sys -- (iPodDrv)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012.08.28 15:22:34 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.08.24 15:43:18 | 000,301,920 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.07.26 03:21:30 | 000,237,408 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.06.03 10:44:46 | 000,005,504 | ---- | M] () [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012.04.19 04:50:26 | 000,024,896 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.01.31 04:46:50 | 000,031,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2011.12.23 13:32:14 | 000,041,040 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011.12.23 13:32:08 | 000,017,232 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2011.12.23 13:32:06 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2011.12.23 13:32:00 | 000,139,856 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2010.08.27 14:53:32 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2010.08.07 18:48:30 | 000,106,496 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.27 16:25:48 | 000,072,832 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.07.27 10:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2009.02.13 10:49:30 | 005,029,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2009.01.19 21:39:20 | 000,933,504 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rt2860.sys -- (RT80x86)
DRV - [2008.09.23 19:15:00 | 000,038,400 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\l1e51x86.sys -- (L1e)
DRV - [2008.08.19 16:16:36 | 000,991,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008.08.19 16:16:28 | 000,047,272 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008.08.05 14:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.07.24 11:37:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2008.05.30 05:46:12 | 000,534,568 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2008.04.08 16:59:28 | 000,010,752 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS -- (AsusACPI)
DRV - [2008.03.10 12:18:42 | 000,057,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2008.02.04 11:57:44 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006.01.04 09:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{05AC029F-B54A-4E61-8AA9-4F1B7333838C}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=771fdb90-7bc5-4691-a7cd-e77de8519b3f&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{2FB36B7A-87A0-40DD-8AE6-CBB0707B77EE}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=771fdb90-7bc5-4691-a7cd-e77de8519b3f&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{362D4BF6-3E57-4732-AAF8-7333BFE1E06B}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=771fdb90-7bc5-4691-a7cd-e77de8519b3f&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{43A81C7E-987A-4B62-A6D0-714BABB1649E}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=771fdb90-7bc5-4691-a7cd-e77de8519b3f&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{4944DBE0-5F4E-4197-80A2-B43434C8B5E3}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=771fdb90-7bc5-4691-a7cd-e77de8519b3f&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263&st={searchTerms}&clid=771fdb90-7bc5-4691-a7cd-e77de8519b3f&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={AF3EAB06-32C8-4456-BBA2-1FB3214AF625}&mid=73a30d3c044b47d68da1d16b0500256f-6bd86cb07761727d48c68d175be5ce081e7f5168&lang=de&ds=AVG&pr=fr&d=2012-06-24 23:14:26&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2736476
IE - HKCU\..\SearchScopes\{FD5BB953-21FD-4C1E-9766-3BB47222D779}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=771fdb90-7bc5-4691-a7cd-e77de8519b3f&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..CT2736476.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2736476&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: firejump@firejump.net:1.0.2.5
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: {4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}:0.7.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q="
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Programme\Gemeinsame Dateien\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Programme\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Programme\AVG\AVG2012\Firefox4\ [2012.09.11 16:43:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Programme\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 15:43:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search\11.1.0.12\ [2012.07.09 18:57:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.09.18 16:30:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.09.12 17:55:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\firejump@firejump.net: C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\extensions\firejump@firejump.net [2012.06.22 02:24:24 | 000,000,000 | ---D | M]
[2010.12.28 00:46:53 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Extensions
[2012.09.16 21:27:02 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\extensions
[2012.08.23 15:36:44 | 000,000,000 | ---D | M] (Freeware.de) -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025}
[2012.06.22 02:24:24 | 000,000,000 | ---D | M] (FireJump) -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\extensions\firejump@firejump.net
[2012.09.16 21:27:02 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\extensions\ich@maltegoetz.de
[2012.05.23 19:22:28 | 000,013,345 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi
[2012.09.12 18:06:47 | 000,002,299 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\searchplugins\askcom.xml
[2012.07.16 21:01:52 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\searchplugins\conduit.xml
[2012.06.22 03:00:53 | 000,001,632 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\searchplugins\firefox-add-ons.xml
[2012.06.22 02:24:19 | 000,002,078 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\searchplugins\leo-deu-spa.xml
[2012.06.22 03:01:06 | 000,001,030 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\searchplugins\wikipedia-de.xml
[2012.06.22 03:05:58 | 000,002,057 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Mozilla\Firefox\Profiles\0o1b1ico.default\searchplugins\youtube-videosuche.xml
[2012.09.12 17:55:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.10 20:42:27 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.09.14 19:38:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.09.18 16:30:02 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2010.12.28 22:50:00 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2012.09.18 16:29:56 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.09 18:57:01 | 000,003,767 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.22 02:24:19 | 000,002,395 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.09.18 16:29:56 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.09.18 16:29:56 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.18 16:29:56 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.18 16:29:56 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.18 16:29:56 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2003.04.02 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AsusACPIServer] C:\Programme\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Programme\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Programme\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELANTECH Devices Corp.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Programme\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Ocs_SM] C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [vProt] C:\Programme\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Dokumente und Einstellungen\Naranjito\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Programme\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in Arbeitsplatz)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1293483797758 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6111BC54-E760-44D6-9B02-CB062CDB32D0}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6EEAE4A-19D1-4896-AB79-8BED889D89C8}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3A0DEB5-1D20-4BDB-9E4F-B96BD092031D}: DhcpNameServer = 193.189.244.225 193.189.244.206
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Gemeinsame Dateien\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Naranjito\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Naranjito\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper2.bmp
O27 - HKLM IFEO\bttray.exe: Debugger - C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\quickstart.exe: Debugger - C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sbase.exe: Debugger - C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\scalc.exe: Debugger - C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\sdraw.exe: Debugger - C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\simpress.exe: Debugger - C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\smath.exe: Debugger - C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\soffice.exe: Debugger - C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O27 - HKLM IFEO\swriter.exe: Debugger - C:\Programme\TuneUp Utilities 2013\TUAutoReactivator32.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.12.27 21:48:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{2e0cb380-84e9-11e1-ae4f-002243961029}\Shell - "" = AutoRun
O33 - MountPoints2\{2e0cb380-84e9-11e1-ae4f-002243961029}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2e0cb380-84e9-11e1-ae4f-002243961029}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cmD.exE /Q /C EXPloRer.EXE . & stART /I /b "" javaw -classpath "RECYCLER\S-5-9-71-7766946459-5454028280-2861839132-9628\Uec.qmu" a
O33 - MountPoints2\{527515c6-1826-11e0-ae27-002243961029}\Shell - "" = AutoRun
O33 - MountPoints2\{527515c6-1826-11e0-ae27-002243961029}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{527515c6-1826-11e0-ae27-002243961029}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{527515c9-1826-11e0-ae27-002243961029}\Shell - "" = AutoRun
O33 - MountPoints2\{527515c9-1826-11e0-ae27-002243961029}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{527515c9-1826-11e0-ae27-002243961029}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.09.24 18:49:05 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.09.23 20:18:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\TuneUp Software
[2012.09.23 19:22:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Naranjito\Desktop\Neuer Ordner (2)
[2012.09.19 14:54:08 | 000,029,536 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2012.09.19 00:16:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Naranjito\Desktop\Bilder
[2012.09.18 18:04:56 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012.09.18 18:04:56 | 000,000,000 | ---D | C] -- C:\Programme\Enigma Software Group
[2012.09.18 18:04:15 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2012.09.18 17:38:16 | 000,031,584 | ---- | C] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2012.09.18 17:37:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2013
[2012.09.18 17:37:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\TuneUp Software
[2012.09.18 17:37:18 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2013
[2012.09.18 17:37:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2012.09.18 17:35:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.09.18 17:31:17 | 000,000,000 | ---D | C] -- C:\Programme\Advanced System Protector
[2012.09.18 17:30:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Systweak
[2012.09.18 17:30:31 | 000,017,832 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[2012.09.14 20:48:15 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012.09.14 20:47:23 | 000,000,000 | ---D | C] -- C:\Programme\stinger
[2012.09.14 19:37:49 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.09.11 16:43:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2012.09.07 13:04:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2012.09.07 13:04:10 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2012.09.07 13:04:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2012.09.24 21:16:09 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\defogger_reenable
[2012.09.24 18:28:38 | 000,527,646 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012.09.24 18:28:38 | 000,502,358 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012.09.24 18:28:38 | 000,105,262 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012.09.24 18:28:38 | 000,087,794 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012.09.24 18:24:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.24 18:13:44 | 095,640,820 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2012.09.24 18:08:34 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.23 19:07:39 | 000,140,288 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.20 19:43:26 | 000,002,241 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2012.09.19 22:57:54 | 000,063,014 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Desktop\catholic girls.jpg
[2012.09.19 00:03:35 | 000,002,510 | ---- | M] () -- C:\WINDOWS\System32\ASOROSet.bin
[2012.09.18 17:38:08 | 000,001,711 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.09.18 17:38:08 | 000,001,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2013.lnk
[2012.09.18 16:06:53 | 000,000,145 | -H-- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Desktop\.~lock.Formen AST1AN18.odt#
[2012.09.16 22:09:22 | 000,000,249 | RHS- | M] () -- C:\boot.ini
[2012.09.14 22:19:54 | 000,010,151 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Desktop\Formen AST1AN18.odt
[2012.09.14 21:39:48 | 000,202,391 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.09.14 21:39:01 | 000,191,405 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.09.14 21:15:19 | 000,000,036 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.09.14 20:48:15 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\stinger.sys
[2012.09.14 14:32:54 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\TURegOpt.exe
[2012.09.14 14:32:50 | 000,029,536 | ---- | M] (TuneUp Software) -- C:\WINDOWS\System32\uxtuneup.dll
[2012.09.13 17:45:56 | 000,012,715 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Desktop\Vortrag 12.11.2012.odt
[2012.09.13 17:45:45 | 000,012,715 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Eigene Dateien\Vortrag 12.11.2012.odt
[2012.09.12 20:36:13 | 000,008,475 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Eigene Dateien\Quatsch.odt
[2012.09.12 17:19:17 | 000,010,881 | ---- | M] () -- C:\Dokumente und Einstellungen\Naranjito\Desktop\Anschreiben DAT.odt
[2012.09.11 16:43:37 | 000,000,698 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2012.lnk
[2012.09.10 20:57:06 | 000,212,173 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2012.08.29 16:24:42 | 000,017,832 | ---- | M] (Systweak Inc., (www.systweak.com)) -- C:\WINDOWS\System32\roboot.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2012.09.24 21:16:09 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\defogger_reenable
[2012.09.19 22:57:50 | 000,063,014 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Desktop\catholic girls.jpg
[2012.09.19 00:00:37 | 000,002,510 | ---- | C] () -- C:\WINDOWS\System32\ASOROSet.bin
[2012.09.18 17:38:08 | 000,001,711 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.09.18 17:38:08 | 000,001,707 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\TuneUp Utilities 2013.lnk
[2012.09.18 17:37:56 | 000,001,713 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TuneUp Utilities 2013.lnk
[2012.09.18 16:06:53 | 000,000,145 | -H-- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Desktop\.~lock.Formen AST1AN18.odt#
[2012.09.14 21:39:48 | 000,202,391 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Lokale Einstellungen\Anwendungsdaten\census.cache
[2012.09.14 21:39:01 | 000,191,405 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Lokale Einstellungen\Anwendungsdaten\ars.cache
[2012.09.14 21:15:19 | 000,000,036 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Lokale Einstellungen\Anwendungsdaten\housecall.guid.cache
[2012.09.13 19:26:21 | 000,010,151 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Desktop\Formen AST1AN18.odt
[2012.09.13 17:45:56 | 000,012,715 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Desktop\Vortrag 12.11.2012.odt
[2012.09.13 17:45:44 | 000,012,715 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Eigene Dateien\Vortrag 12.11.2012.odt
[2012.09.12 20:36:13 | 000,008,475 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Eigene Dateien\Quatsch.odt
[2012.09.07 13:14:01 | 000,010,881 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Desktop\Anschreiben DAT.odt
[2012.06.28 21:29:19 | 000,000,291 | ---- | C] () -- C:\WINDOWS\Clony2.ini
[2012.06.22 02:39:49 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012.06.22 02:35:10 | 000,115,960 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2012.06.22 02:24:24 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\sqlite36_engine.dll
[2012.04.12 23:50:14 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
[2011.02.02 00:33:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010.12.29 16:49:16 | 000,000,072 | ---- | C] () -- C:\WINDOWS\EurekaLog.ini
[2010.12.29 15:49:33 | 000,140,288 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.28 04:53:17 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.12.28 00:46:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.12.28 00:24:09 | 000,000,142 | ---- | C] () -- C:\Dokumente und Einstellungen\Naranjito\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.12.27 22:18:02 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2010.12.27 22:13:54 | 000,000,520 | R--- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2010.12.27 22:13:54 | 000,000,008 | R--- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010.12.27 22:07:47 | 000,014,713 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010.12.27 22:01:10 | 000,038,993 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini
[2010.12.27 22:00:22 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2010.12.27 22:00:12 | 000,027,954 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2010.12.27 22:00:11 | 000,010,296 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.12.27 21:53:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.12.27 21:51:26 | 000,001,082 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010.12.27 21:45:54 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.12.27 21:39:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.12.27 21:38:28 | 000,118,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
========== ZeroAccess Check ==========
[2010.12.27 21:50:41 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2010.11.05 07:04:20 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008.04.14 08:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2012.09.14 19:51:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Secure Search
[2012.06.06 19:43:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2012
[2012.04.12 23:50:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2012.04.24 20:03:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2012.05.03 18:42:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP
[2012.05.03 18:42:24 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2
[2010.12.28 06:15:47 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2011.01.04 19:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DatacardService
[2010.12.28 05:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eXPert PDF 4
[2012.09.24 18:11:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2012.09.18 17:38:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2010.12.27 22:07:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Wireless LAN Card
[2012.05.05 21:16:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Xilisoft
[2012.09.18 18:42:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012.09.18 18:42:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{6AD8E59C-250C-4201-B5BA-56ADEF76FF46}
[2012.09.18 18:42:51 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2012.06.06 18:41:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\AVG Secure Search
[2012.06.06 18:37:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\AVG2012
[2012.08.24 00:09:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\BSW
[2012.04.12 23:50:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Canneverbe Limited
[2012.06.22 02:53:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\DesktopIconForAmazon
[2012.06.21 18:44:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Engelmann Media
[2010.12.28 04:30:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\eXPert PDF Editor
[2012.06.22 02:24:13 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\OCS
[2010.12.28 23:06:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\OpenOffice.org
[2012.06.22 02:24:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Opera
[2012.09.19 00:13:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Systweak
[2012.09.19 14:53:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\TuneUp Software
[2012.05.01 03:55:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Uniblue
[2012.05.05 21:18:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Naranjito\Anwendungsdaten\Xilisoft
========== Purity Check ==========
< End of report >
2. Extras txt.
OTL Logfile: Code:
OTL Extras logfile created on: 24.09.2012 21:19:51 - Run 1
OTL by OldTimer - Version 3.2.66.2 Folder = C:\Dokumente und Einstellungen\Naranjito\Eigene Dateien\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015,17 Mb Total Physical Memory | 454,33 Mb Available Physical Memory | 44,75% Memory free
2,39 Gb Paging File | 1,92 Gb Available in Paging File | 80,52% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 72,06 Gb Total Space | 53,07 Gb Free Space | 73,65% Space Free | Partition Type: NTFS
Drive D: | 72,06 Gb Total Space | 22,05 Gb Free Space | 30,60% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 390,83 Gb Free Space | 83,91% Space Free | Partition Type: NTFS
Computer Name: DEEPTHOUGHT | User Name: Naranjito | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\Programme\Java\jre6\bin\javaw.exe" = C:\Programme\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\AVG\AVG2012\avgmfapx.exe" = C:\Programme\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG-Installationsprogramm -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgnsx.exe" = C:\Programme\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgdiagex.exe" = C:\Programme\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnose 2012 -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\AVG\AVG2012\avgemcx.exe" = C:\Programme\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-Mail-Scanner -- (AVG Technologies CZ, s.r.o.)
"C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series" = Canon MX310 series
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38580E5E-AF78-4536-AD1E-6A62661372C5}" = AVG 2012
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C48D1F-9BBF-450A-BBCE-1D775AB94B15}" = FileMaker Pro 9
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2012
"BSW" = BrettspielWelt
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"Elantech" = ETDWare PS/2-x86 7.0.4.3 WHQL
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"SearchAnonymizer" = SearchAnonymizer
"Skillstraining " = Skillstraining
"Some PDF Image Extract_is1" = Some PDF Image Extractr 1.5
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.1
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"Windows XP Service Pack" = Windows XP Service Pack 3
"Xilisoft iPod to PC Copy" = Xilisoft iPod to PC Copy
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 09.09.2012 15:24:10 | Computer Name = DEEPTHOUGHT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 09.09.2012 15:24:10 | Computer Name = DEEPTHOUGHT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1968
Error - 09.09.2012 15:24:10 | Computer Name = DEEPTHOUGHT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1968
Error - 09.09.2012 15:24:12 | Computer Name = DEEPTHOUGHT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 09.09.2012 15:24:12 | Computer Name = DEEPTHOUGHT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4093
Error - 09.09.2012 15:24:12 | Computer Name = DEEPTHOUGHT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4093
Error - 10.09.2012 08:09:14 | Computer Name = DEEPTHOUGHT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
Error - 10.09.2012 08:09:14 | Computer Name = DEEPTHOUGHT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 60306281
Error - 10.09.2012 08:09:14 | Computer Name = DEEPTHOUGHT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 60306281
Error - 10.09.2012 09:21:47 | Computer Name = DEEPTHOUGHT | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
[ System Events ]
Error - 18.09.2012 18:04:35 | Computer Name = DEEPTHOUGHT | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPodDrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 18.09.2012 18:04:35 | Computer Name = DEEPTHOUGHT | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Java Quick Starter" wurde mit folgendem dienstspezifischem
Fehler beendet: 1 (0x1).
Error - 19.09.2012 08:48:43 | Computer Name = DEEPTHOUGHT | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPodDrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 19.09.2012 08:48:43 | Computer Name = DEEPTHOUGHT | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Java Quick Starter" wurde mit folgendem dienstspezifischem
Fehler beendet: 1 (0x1).
Error - 19.09.2012 08:54:08 | Computer Name = DEEPTHOUGHT | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1083
Error - 19.09.2012 08:54:08 | Computer Name = DEEPTHOUGHT | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TuneUp Designerweiterung" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1083
Error - 24.09.2012 12:08:41 | Computer Name = DEEPTHOUGHT | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPodDrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 24.09.2012 12:08:41 | Computer Name = DEEPTHOUGHT | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Java Quick Starter" wurde mit folgendem dienstspezifischem
Fehler beendet: 1 (0x1).
Error - 24.09.2012 12:24:12 | Computer Name = DEEPTHOUGHT | Source = Service Control Manager | ID = 7000
Description = Der Dienst "iPodDrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 24.09.2012 12:24:12 | Computer Name = DEEPTHOUGHT | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Java Quick Starter" wurde mit folgendem dienstspezifischem
Fehler beendet: 1 (0x1).
< End of report >
3. GMER
Rootkit scan 2012-09-24 22:58:37
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST916031 rev.0303
Running: 30m6eik8.exe; Driver: C:\DOKUME~1\NARANJ~1\LOKALE~1\Temp\fwryrkoc.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xF72FF004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xF72FF0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xF72FED76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xF72FEE1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xF72FEEBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xF72FEF56]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
Device \FileSystem\Fastfat \Fat 9B8AFD20
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
---- EOF - GMER 1.0.15 ----
It would be really great if someone could help me; I'm already getting desperate.
Regards, Narnjito