Severe performance loss on laptop
Hello everyone, for some time now my girlfriend's laptop has been showing a severe loss of performance. My immediate suspicion was some kind of backdoor activity, so I ran the logs right away.
First, the Malwarebytes log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Database version: 6533
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048
08/05/2011 20:34:41
mbam-log-2011-05-08 (20-34-41).txt
Scan type: Quick scan
Objects scanned: 176451
Time elapsed: 9 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 5
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AA2FBF8-9C76-4E97-A226-25C5F4AB6358} (Adware.Hotbar) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\bak_Application (Hijacker.Application) -> Value: bak_Application -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations\Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
c:\$RECYCLE.BIN\s-1-5-21-717181376-2373768855-204596754-1003\$RF0DISR.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\Temp\icreinstall\audioconvertersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\Temp\5423483.uninstall\uninstall.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\Temp\Low\9b88.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Users\\AppData\Local\Temp\Low\_EE5F.tmp (Spyware.Password) -> Quarantined and deleted successfully.
Also, the OTL logfile:
OTL logfile created on: 08/05/2011 21:06:27 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Sara\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.34 Gb Total Space | 147.32 Gb Free Space | 66.26% Space Free | Partition Type: NTFS
Drive D: | 10.55 Gb Total Space | 2.37 Gb Free Space | 22.44% Space Free | Partition Type: NTFS
Computer Name: | User Name: | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/05/08 20:22:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
PRC - [2011/04/17 02:37:44 | 000,235,168 | ---- | M] (Adobe Systems, Inc.) -- C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_ActiveX.exe
PRC - [2011/03/16 21:26:02 | 002,071,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2011/01/11 01:25:06 | 001,230,704 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/12/08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010/11/25 14:39:19 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/09/23 12:48:41 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/07/18 20:32:27 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/07/18 20:32:24 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/07/18 20:32:16 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/07/13 12:46:44 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe
PRC - [2009/12/01 13:37:46 | 000,842,816 | ---- | M] (DigitalPersona, Inc.) -- C:\Program Files\DigitalPersona\Bin\DpAgent.exe
PRC - [2009/04/11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2007/09/05 23:09:54 | 001,620,520 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/09/05 23:09:54 | 000,727,592 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
========== Modules (SafeList) ==========
MOD - [2011/05/08 20:22:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\\Desktop\OTL.exe
MOD - [2010/08/31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010/07/18 20:32:27 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll
========== Win32 Services (SafeList) ==========
SRV - [2010/07/18 20:32:24 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009/12/01 13:37:48 | 000,322,624 | ---- | M] (DigitalPersona, Inc.) [Auto | Running] -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe -- (DpHost)
SRV - [2008/11/09 22:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/01/19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2007/03/05 20:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
========== Driver Services (SafeList) ==========
DRV - [2011/05/05 21:51:04 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/07/18 20:32:18 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/03 21:15:16 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/04/19 20:29:20 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/02/25 01:03:16 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/10/03 07:02:06 | 009,905,096 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/06/22 19:38:22 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/06/22 19:26:04 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2008/11/17 16:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/03/04 04:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2007/08/29 01:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atswpdrv.sys -- (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor)
DRV - [2007/08/09 06:42:08 | 000,045,568 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/07/30 21:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 20:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/11 20:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 16:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/28 17:09:56 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/06/19 03:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/18 14:03:26 | 000,141,312 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Apfiltr.sys -- (ApfiltrService)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h==p://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h==p://uk.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h==p://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=90129103000000000000001de09d8a97&tlver=1.4.19.19&affID=17160
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h==p://www.bbc.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b2
FF - HKLM\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010/06/11 13:35:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/02/07 23:23:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/02/07 23:23:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/07 16:20:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
[2011/03/02 23:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\Mozilla\Extensions
[2011/03/02 23:30:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/04/09 22:17:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2011/03/02 23:37:30 | 000,000,000 | ---D | M] (Lightning) -- C:\USERS\\APPDATA\ROAMING\THUNDERBIRD\PROFILES\RE4M10YS.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2011/04/18 23:44:15 | 000,002,423 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
O1 HOSTS File: ([2006/09/18 23:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DigitalPersona Personal Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKLM..\Run: [hpqSRMon] File not found
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [Search Protection] File not found
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: magnetmail.net ([www] https in Trusted sites)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/16 18:14:26 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O33 - MountPoints2\{2147cfa8-25d5-11df-8b18-001e3776b1e0}\Shell\AutoRun\command - "" = F:\t8s2x.exe
O33 - MountPoints2\{2147cfa8-25d5-11df-8b18-001e3776b1e0}\Shell\open\Command - "" = F:\t8s2x.exe
O33 - MountPoints2\{4ae789c3-b344-11df-bb3e-001e3776b1e0}\Shell - "" = AutoRun
O33 - MountPoints2\{4ae789c3-b344-11df-bb3e-001e3776b1e0}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{4b125331-a7a8-11df-8a5b-9b69f60174de}\Shell - "" = AutoRun
O33 - MountPoints2\{4b125331-a7a8-11df-8a5b-9b69f60174de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4b12533f-a7a8-11df-8a5b-9b69f60174de}\Shell - "" = AutoRun
O33 - MountPoints2\{4b12533f-a7a8-11df-8a5b-9b69f60174de}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d69f936a-a906-11df-8133-001f166adbaa}\Shell - "" = AutoRun
O33 - MountPoints2\{d69f936a-a906-11df-8133-001f166adbaa}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\m1eqos3.exe
O33 - MountPoints2\G\Shell\open\Command - "" = G:\m1eqos3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2011/05/08 20:40:29 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{D5A2CAA8-4F5D-49D3-8448-B45E1FF283A6}
[2011/05/08 20:22:02 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
[2011/05/06 20:28:26 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{0645C295-F91C-4721-B074-4F3E2D9A5F23}
[2011/05/05 18:44:05 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{1A1275EF-B485-405E-8DAE-19A39606ABF6}
[2011/05/03 19:44:53 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{45EE30A1-F453-4B2B-A420-DA7CE0FC7C58}
[2011/05/01 16:17:03 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{F9C8AE84-F6EC-4D7F-B7A9-F3CF1142CE54}
[2011/04/30 12:25:08 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{90E790DE-A3DF-4104-911F-675A43950F6D}
[2011/04/30 00:11:26 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\koln zoo
[2011/04/29 19:01:23 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{F10A3E08-4177-41CE-BDEF-32D650EE86B7}
[2011/04/27 21:07:34 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011/04/27 21:07:33 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011/04/27 21:07:30 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/04/27 19:17:39 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{A1DAE9BE-38FD-416F-BDAC-8D975A83D44B}
[2011/04/26 19:39:58 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\Easter Road Trip South Germany
[2011/04/26 19:25:59 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{06AF9CF3-C778-41F8-94C6-CA5F7CDDB72F}
[2011/04/26 19:25:37 | 000,000,000 | ---D | C] -- C:\Users\\Desktop\south germany
[2011/04/24 11:47:43 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{79660AAF-E875-40E1-8E1D-51876FB3D045}
[2011/04/23 20:38:20 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{655D863F-78EA-46F4-80BC-45AA84867989}
[2011/04/20 18:57:01 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{59B8D5EF-3170-4BB3-942C-FE59F1412F02}
[2011/04/19 20:49:26 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{DE3CCC0F-195B-4BCB-BADC-67F8DC33B33A}
[2011/04/18 23:44:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/04/18 22:56:35 | 000,000,000 | ---D | C] -- C:\Users\\Documents\LimeWire
[2011/04/18 22:33:22 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{50FE2AAD-A620-412D-BEC1-9BD06F752179}
[2011/04/17 02:38:28 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{B8AEECE9-A516-4FAF-B58D-B3CC591E0A81}
[2011/04/16 12:38:20 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{02DA1393-4D0C-4CA3-924E-BDBF13769A69}
[2011/04/15 18:41:29 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011/04/15 18:41:29 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011/04/15 18:41:20 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/04/15 18:41:20 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/04/15 18:41:20 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/04/15 18:41:19 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/04/15 18:41:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/04/15 18:41:19 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/04/15 18:41:19 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/04/15 18:41:19 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/04/15 18:41:19 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/04/15 18:41:19 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/04/15 18:41:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/04/15 18:41:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/04/15 18:41:19 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/04/15 18:41:19 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/04/15 18:41:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/04/15 18:41:19 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/04/15 18:41:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/04/15 18:41:14 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011/04/15 18:41:13 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011/04/15 18:41:11 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/04/15 18:41:03 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011/04/15 18:40:49 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/04/15 18:40:48 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/04/12 19:46:12 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{66CF6B50-70DC-4D66-A64A-678D38E54F2F}
[2011/04/11 18:54:26 | 000,000,000 | ---D | C] -- C:\Users\\AppData\Local\{9929CE14-21F1-442A-B354-BFE84D061B5E}
========== Files - Modified Within 30 Days ==========
[2011/05/08 20:39:45 | 000,000,163 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2011/05/08 20:38:57 | 000,647,050 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/05/08 20:38:42 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/08 20:38:41 | 000,647,050 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/05/08 20:37:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 20:37:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/08 20:37:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/08 20:37:43 | 2145,771,520 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/08 20:36:32 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/05/08 20:22:07 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Sara\Desktop\OTL.exe
[2011/05/08 20:18:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/08 20:10:19 | 075,755,545 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2011/05/05 21:51:04 | 000,243,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2011/04/30 00:15:07 | 000,655,904 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/30 00:15:07 | 000,126,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/26 23:39:04 | 000,135,680 | ---- | M] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/19 00:06:52 | 000,007,369 | ---- | M] () -- C:\Users\\Desktop\SharePodSettings.xml
[2011/04/17 01:54:13 | 000,383,520 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/04/14 00:01:51 | 000,007,808 | ---- | M] () -- C:\Users\\AppData\Local\d3d9caps.dat
[2011/04/09 18:23:16 | 000,000,468 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Sara.job
========== Files Created - No Company Name ==========
[2010/04/15 22:39:38 | 000,647,050 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/04/15 22:39:38 | 000,647,050 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/04/15 19:14:12 | 000,009,134 | -HS- | C] () -- C:\Users\\AppData\Local\g0e65To
[2010/04/15 19:14:12 | 000,009,134 | -HS- | C] () -- C:\ProgramData\g0e65To
[2010/04/01 13:55:43 | 000,007,808 | ---- | C] () -- C:\Users\\AppData\Local\d3d9caps.dat
[2010/03/25 12:56:42 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.dll
[2010/03/25 12:56:19 | 000,017,408 | ---- | C] () -- C:\Windows\System32\rpcnetp.exe
[2010/02/26 00:57:50 | 000,130,806 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010/02/26 00:57:31 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010/02/19 03:01:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/02/18 23:45:33 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/18 23:45:33 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/02/16 19:32:16 | 000,135,680 | ---- | C] () -- C:\Users\\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/16 17:19:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/02/10 23:28:32 | 000,100,976 | ---- | C] () -- C:\Users\\AppData\Roaming\nvModes.001
[2010/02/10 23:02:06 | 000,100,976 | ---- | C] () -- C:\Users\\AppData\Roaming\nvModes.dat
[2010/02/05 23:39:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 17:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 17:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/02/04 20:34:21 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2007/12/16 18:54:08 | 000,101,605 | ---- | C] () -- C:\Windows\hpqins13.dat
[2007/09/05 22:52:04 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006/11/02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 14:47:37 | 000,383,520 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 12:33:01 | 000,655,904 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 12:33:01 | 000,126,194 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 12:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 17:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 23:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2010/03/06 00:34:29 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\AVG9
[2010/04/24 02:11:33 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\BitZipper
[2011/03/04 12:00:28 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Canneverbe Limited
[2010/02/05 20:13:53 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\DigitalPersona
[2011/04/18 22:56:41 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\LimeWire
[2011/02/07 23:23:41 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Local
[2011/03/02 23:30:41 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Thunderbird
[2011/04/26 20:51:34 | 000,000,000 | ---D | M] -- C:\Users\\AppData\Roaming\Voipwise
[2011/05/08 20:36:33 | 000,032,600 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
< End of report >
OK, I hope I have redacted everything I was supposed to and can count on your help here. Many thanks in advance!
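Added example, not part of the original post: a small Python triage helper for the kind of OTL output quoted above. It parses the O33 MountPoints2 AutoRun/open commands, the O4 Run entries and the IE SearchAssistant line, flags drive-root executables with random-looking names (as on the F: and G: volumes above) as high severity, orphaned "File not found" Run entries as low, and a non-default search provider as medium. The sample lines are copied from the log in the post; the allowlist of search hosts and the random-name heuristic are assumptions of this example.

```python
import re
from typing import Dict, List

# Constructed sample: OTL-style lines taken from the log quoted in the post.
SAMPLE_OTL = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h==p://search.babylon.com/?babsrc=SP_ss&q={searchTerms}
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] File not found
O4 - HKCU..\Run: [Search Protection] File not found
O33 - MountPoints2\{2147cfa8-25d5-11df-8b18-001e3776b1e0}\Shell\AutoRun\command - "" = F:\t8s2x.exe
O33 - MountPoints2\{4ae789c3-b344-11df-bb3e-001e3776b1e0}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\G\Shell\open\Command - "" = G:\m1eqos3.exe
O35 - HKLM\..exefile [open] -- "%1" %*
"""

# Line shapes as OTL prints them (regexes written for this example).
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<key>[^\\]+)\\Shell\\(?P<verb>AutoRun|open)\\[Cc]ommand - "" = (?P<cmd>.+)$')
RUN_RE = re.compile(r'^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$')
SEARCH_RE = re.compile(r'^IE - .*Search,SearchAssistant = (?P<url>\S+)')

# Assumption: search providers a stock Windows/IE install would point at.
ALLOWED_SEARCH_HOSTS = {"www.bing.com", "search.live.com", "search.msn.com"}


def _exe_path(cmd: str) -> str:
    """Return the executable path from an AutoRun command, honouring quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split()[0]


def looks_random(basename: str) -> bool:
    """Heuristic (assumption): short alphanumeric stem containing a digit, e.g. t8s2x.exe."""
    stem, dot, ext = basename.lower().rpartition(".")
    if dot != "." or ext != "exe":
        return False
    return 5 <= len(stem) <= 8 and stem.isalnum() and any(c.isdigit() for c in stem)


def _host(url: str) -> str:
    """Host part of a URL, tolerant of defanged schemes such as hxxp:// or h==p://."""
    rest = url.split("://", 1)[-1]
    return rest.split("/", 1)[0].lower()


def triage_otl(text: str) -> List[Dict[str, str]]:
    """Walk OTL lines and return findings as dicts with severity, indicator and reason."""
    findings: List[Dict[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_RE.match(line)
        if m:
            path = _exe_path(m.group("cmd"))
            basename = path.rsplit("\\", 1)[-1]
            # Any AutoRun/open command on a mounted volume deserves a look; a
            # random-looking drive-root executable is the classic autorun-worm pattern.
            sev = "high" if looks_random(basename) else "medium"
            findings.append({"severity": sev, "indicator": path,
                             "reason": f"MountPoints2 {m.group('verb')} command on volume {m.group('key')}"})
            continue
        m = RUN_RE.match(line)
        if m and m.group("target").strip() == "File not found":
            # Orphaned Run entries are leftovers, not active threats, but worth cleaning.
            findings.append({"severity": "low", "indicator": m.group("name"),
                             "reason": f"{m.group('hive')} Run entry points at a missing file"})
            continue
        m = SEARCH_RE.match(line)
        if m:
            host = _host(m.group("url"))
            if host not in ALLOWED_SEARCH_HOSTS:
                findings.append({"severity": "medium", "indicator": host,
                                 "reason": "IE SearchAssistant points at a non-default provider"})
    return findings


def summarize(findings: List[Dict[str, str]]) -> Dict[str, int]:
    """Count findings per severity level."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["severity"]] = counts.get(f["severity"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_otl(SAMPLE_OTL):
        print(f"[{f['severity']:6}] {f['indicator']}: {f['reason']}")
    print(summarize(triage_otl(SAMPLE_OTL)))
```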