| |
| |||||||
Log-Analyse und Auswertung: Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastetWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
12.02.2012, 13:36
| #1 |
 |  Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet Liebes Trojaner-Board-Team, vielen Dank für dieses tolle Forum! Seit Ende September 2011 habe ich ein neues Acer Laptop, der seit 1 Wocher folgendes Problem hat: nach ca. 2 Stunden im Internet (normales Surfen) wird er extrem langsam, die Maus reagiert nicht mehr und ich muss teilweise mit Gewalt herunterfahren, was dann ebenfalls ungewöhnlich lange dauert. Sowohl bei Firefox als auch IExplorer tritt dieses Problem auf. CCleaner habe ich bereits mehrmals laufen lassen, Festplatte defragmentiert, etc. Ich hatte eine Testversion von Tuneup Utilities wodurch es vorübergehend besser wurde. Nach dem Ablauf der Testversion und dem Löschen des Programms wurde der Laptop (gefühlt) noch langsamer als davor. Zwar hat mein Virenscanner (Avira) keine Meldung gebracht, aber kann dies an eine Virus liegen?  Oder ist es ein Hardwareproblem?? Vielen Dank für eure Hilfe! Anbei meine Logdateien. Viele Grüße Tina |
|
12.02.2012, 16:00
| #2 |
| /// Malware-holic   | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet hi,
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
12.02.2012, 16:42
| #3 |
| | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet Hi Marcus,
__________________vielen Dank für Deine Hilfe :-D Anbei die Daten: Extras.txtOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 12.02.2012 16:08:27 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,98 Gb Total Physical Memory | 0,36 Gb Available Physical Memory | 4,52% Memory free
15,96 Gb Paging File | 6,78 Gb Available in Paging File | 42,44% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 446,16 Gb Total Space | 381,92 Gb Free Space | 85,60% Space Free | Partition Type: NTFS
Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D72BF42-E249-4EB7-CC4C-8CC09DAB180B}" = ATI Catalyst Install Manager
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23B47A34-0517-48DA-8B76-015DA8546893}" = WD SmartWare
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A000F75A-A246-44A7-8079-9E9E7F9054B2}" = BioExcess
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Überwachungstool für die Intel® Turbo-Boost-Technik 2.0
"{C669FE66-A1D7-F9BC-7A96-38E1CA3B4E02}" = ccc-utility64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"422991454CB076E9B856C21BBF99AF2B82317EDA" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0)
"9201E5BD02AE4540AF31E8A23F8E4A0A8FEFB31C" = ENE CIR Receiver Driver
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{04C86876-770B-D976-D2C9-E3697BB339A5}" = CCC Help Portuguese
"{055A9B20-9F50-D23B-8294-1F5F6C9E7B3B}" = CCC Help Finnish
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{1B6354BF-C942-662E-7E55-24B68A5E81E9}" = CCC Help Danish
"{1EAD27F9-EB8F-8AB3-A7FF-670500AB174B}" = CCC Help Dutch
"{22E97BF2-BB24-48DD-B07F-C36C23B43D8F}" = TeamDrive
"{250A5635-1A7C-9A1A-B50D-41246091B7A0}" = CCC Help Italian
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28953E84-BA34-DB27-ABA0-30ABA9BDDD18}" = CCC Help Thai
"{2D5F2E8E-8F4B-5DC9-69D7-1D56952CDF73}" = Catalyst Control Center Localization All
"{2F6B8F9C-A428-4A99-84BF-64C77DDD07BE}" = Catalyst Control Center - Branding
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3218B501-2C34-4483-B2BD-98E3F5D7C25C}" = Acer Arcade Instant On
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B18E1ED-0128-C493-A06F-9A190DEBFF6D}" = Catalyst Control Center InstallProxy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40674D92-C293-C562-40AF-A092041C7131}" = CCC Help Japanese
"{4968622A-4D3F-489E-9ACE-5FEC4CC0BDE3}" = MediaShow Espresso
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5086BF95-2E26-183E-E63D-D25F9963D2B1}" = PX Profile Update
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{54DE7A11-4E6B-A610-5D09-9EF168AF1E16}" = CCC Help Norwegian
"{582C68AD-87CB-8746-0D96-1F6149FE3791}" = CCC Help Greek
"{5E035607-6888-01F5-3C61-242F4D7B906A}" = CCC Help French
"{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{741C94E4-740F-9276-9403-418C4920D217}" = CCC Help Spanish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8291D08E-B83A-D12D-46FB-CF8A49BE8494}" = CCC Help English
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110265407}" = Bejeweled 2 Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112623650}" = Belles Beauty Boutique
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-116672750}" = World of Goo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117897550}" = 1912 Titanic Mystery
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117932650}" = Sprill and Ritchie
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118399487}" = Farm Frenzy 3 Ice Age
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BD24D6B-5EAB-4D17-D6E5-A2C11B9C78C0}" = CCC Help Korean
"{8D84E39D-3BD0-902B-070C-6672E67632A5}" = CCC Help German
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07DF768-9B01-5713-663F-BC6262CBDE7B}" = CCC Help Turkish
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{B2D6752B-421D-15CA-04CF-C94A8D19701D}" = CCC Help Hungarian
"{B382CDAF-EB10-CACF-C7A4-328C87D1B3FF}" = CCC Help Chinese Traditional
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = Acer Arcade Movie
"{B90DDC15-76CC-C901-4AF3-12713CE141CD}" = CCC Help Polish
"{BA923287-9673-21B4-BB48-18B531817077}" = CCC Help Russian
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C8D4A930-197B-8D54-90AC-761F52AA748E}" = CCC Help Chinese Standard
"{C97623E2-0614-4845-B199-8E8BEC8E131C}_is1" = Acer GameZone Console
"{D1798C28-64A6-C7A9-48DF-6D0BA02A9CA3}" = CCC Help Swedish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D84E711E-19BF-DF66-86E3-D991492C065D}" = ccc-core-static
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E12C6653-1FF0-4686-ADB8-589C13AE761F}" = Citavi
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F42BC1CA-E6FD-E0C2-9730-3670DAC5A473}" = CCC Help Czech
"{FD588AD4-9150-4A41-83E8-61596E0954E4}" = Fingerprint Solution
"{FE041B02-234C-4AAA-9511-80DF6482A458}" = RICOH Media Driver v2.08.13.02
"8461-7759-5462-8226" = Vuze
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Astrocontact Astroplus_is1" = Astrocontact Astroplus
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cortesi Texte für Astroplus_is1" = Cortesi Texte 7.1
"DivX Setup" = DivX-Setup
"Foxit Reader_is1" = Foxit Reader 5.1
"Identity Card" = Identity Card
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}" = newsXpresso
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"InstallShield_{FD588AD4-9150-4A41-83E8-61596E0954E4}" = Acer Bio Protection
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.9.0
"LManager" = Launch Manager
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"VLC media player" = VLC media player 1.1.11
"XMedia Recode" = XMedia Recode 3.0.4.9
"ZoneAlarm" = ZoneAlarm
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"RewardsArcade" = RewardsArcade
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 17.01.2012 05:08:09 | Computer Name = Tina-PC | Source = Windows Search Service | ID = 7040
Description =
Error - 17.01.2012 05:08:09 | Computer Name = Tina-PC | Source = Windows Search Service | ID = 7042
Description =
Error - 17.01.2012 05:08:09 | Computer Name = Tina-PC | Source = Windows Search Service | ID = 9002
Description =
Error - 17.01.2012 05:08:09 | Computer Name = Tina-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 17.01.2012 05:08:10 | Computer Name = Tina-PC | Source = Windows Search Service | ID = 3029
Description =
Error - 17.01.2012 05:08:10 | Computer Name = Tina-PC | Source = Windows Search Service | ID = 3028
Description =
Error - 17.01.2012 05:08:10 | Computer Name = Tina-PC | Source = Windows Search Service | ID = 3058
Description =
Error - 17.01.2012 05:08:10 | Computer Name = Tina-PC | Source = Windows Search Service | ID = 7010
Description =
Error - 17.01.2012 05:08:12 | Computer Name = Tina-PC | Source = WinMgmt | ID = 10
Description =
Error - 18.01.2012 15:47:47 | Computer Name = Tina-PC | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 04.10.2011 10:31:37 | Computer Name = Tina-PC | Source = MCUpdate | ID = 0
Description = 16:31:37 - Fehler beim Herstellen der Internetverbindung. 16:31:37
- Serververbindung konnte nicht hergestellt werden..
Error - 04.10.2011 10:31:47 | Computer Name = Tina-PC | Source = MCUpdate | ID = 0
Description = 16:31:43 - Fehler beim Herstellen der Internetverbindung. 16:31:43
- Serververbindung konnte nicht hergestellt werden..
Error - 14.11.2011 11:22:00 | Computer Name = Tina-PC | Source = MCUpdate | ID = 0
Description = 16:22:00 - Fehler beim Herstellen der Internetverbindung. 16:22:00
- Serververbindung konnte nicht hergestellt werden..
Error - 14.11.2011 11:22:08 | Computer Name = Tina-PC | Source = MCUpdate | ID = 0
Description = 16:22:06 - Fehler beim Herstellen der Internetverbindung. 16:22:06
- Serververbindung konnte nicht hergestellt werden..
Error - 14.11.2011 12:22:13 | Computer Name = Tina-PC | Source = MCUpdate | ID = 0
Description = 17:22:13 - Fehler beim Herstellen der Internetverbindung. 17:22:13
- Serververbindung konnte nicht hergestellt werden..
Error - 14.11.2011 12:22:18 | Computer Name = Tina-PC | Source = MCUpdate | ID = 0
Description = 17:22:18 - Fehler beim Herstellen der Internetverbindung. 17:22:18
- Serververbindung konnte nicht hergestellt werden..
Error - 14.11.2011 13:22:23 | Computer Name = Tina-PC | Source = MCUpdate | ID = 0
Description = 18:22:23 - Fehler beim Herstellen der Internetverbindung. 18:22:23
- Serververbindung konnte nicht hergestellt werden..
Error - 14.11.2011 13:22:28 | Computer Name = Tina-PC | Source = MCUpdate | ID = 0
Description = 18:22:28 - Fehler beim Herstellen der Internetverbindung. 18:22:28
- Serververbindung konnte nicht hergestellt werden..
Error - 20.11.2011 07:16:55 | Computer Name = Tina-PC | Source = MCUpdate | ID = 0
Description = 12:16:54 - Fehler beim Herstellen der Internetverbindung. 12:16:54
- Serververbindung konnte nicht hergestellt werden..
Error - 20.11.2011 07:17:06 | Computer Name = Tina-PC | Source = MCUpdate | ID = 0
Description = 12:17:00 - Fehler beim Herstellen der Internetverbindung. 12:17:00
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 11.02.2012 12:44:18 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Windows Search erreicht.
Error - 11.02.2012 12:44:18 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
gestartet: %%1053
Error - 11.02.2012 16:47:02 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst FontCache3.0.0.0 erreicht.
Error - 11.02.2012 20:36:26 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Apple Mobile Device erreicht.
Error - 11.02.2012 20:36:26 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 11.02.2012 20:37:43 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.
Error - 11.02.2012 20:37:44 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.
Error - 11.02.2012 21:18:51 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "TrueVector Internet Monitor" ist als interaktiver Dienst
gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 11.02.2012 21:19:34 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ZoneAlarm Toolbar IswSvc" ist als interaktiver Dienst
gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 11.02.2012 21:25:06 | Computer Name = Tina-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.
< End of report >
|
|
12.02.2012, 16:52
| #4 |
| | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet Hi Marcus, entschuldige, dass es so lange dauert aber als ich OTL gestartet habe, trat das Problem wieder auf (extrem langsam, Maus hängt, Bild teilweise eingefroren) hier noch der OTL.txtOTL Logfile: Code:
ATTFilter OTL logfile created on: 12.02.2012 16:08:26 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Tina\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 0,36 Gb Available Physical Memory | 4,52% Memory free 15,96 Gb Paging File | 6,78 Gb Available in Paging File | 42,44% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 446,16 Gb Total Space | 381,92 Gb Free Space | 85,60% Space Free | Partition Type: NTFS Computer Name: TINA-PC | User Name: Tina | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.02.12 16:04:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe PRC - [2012.02.12 01:07:30 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.01.18 19:54:06 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.09.29 12:20:32 | 004,460,896 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\mysql\bin\TeamDrive2Database.exe PRC - [2011.09.29 12:20:20 | 013,764,960 | ---- | M] (TeamDrive Systems GmbH) -- C:\Users\Tina\TeamDrive2.0\bin\TeamDrive2.exe PRC - [2011.01.31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.01.12 17:00:38 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2011.01.06 06:46:48 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2011.01.06 06:46:46 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.11.19 19:19:48 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.11.19 19:19:32 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.11.17 05:39:36 | 000,316,272 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Acer Bio Protection\EgisService.exe PRC - [2010.11.17 05:38:44 | 000,257,904 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe PRC - [2010.11.17 05:38:32 | 000,189,296 | ---- | M] (Egis Technology Inc. ) -- C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe PRC - [2010.10.19 14:39:58 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.10.19 14:39:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.09.28 03:00:56 | 000,340,336 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe PRC - [2010.08.10 10:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.08.10 10:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe PRC - [2010.06.28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2012.02.12 01:07:28 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.01.11 10:49:22 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll MOD - [2012.01.11 10:49:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll MOD - [2011.10.23 13:27:39 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll MOD - [2011.10.23 13:27:39 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\b40ad47b1338dd50c41d2c5571819a09\IAStorCommon.ni.dll MOD - [2011.10.23 13:27:37 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\356136d6f23fe3cde33dc96fbda2df0a\IAStorUtil.ni.dll MOD - [2011.10.23 13:27:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll MOD - [2011.10.23 13:27:29 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll MOD - [2011.10.23 13:27:24 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll MOD - [2011.10.23 13:27:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll MOD - [2011.10.23 13:27:20 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll MOD - [2011.10.23 13:27:16 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll MOD - [2011.09.29 12:21:30 | 000,076,128 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\sqldrivers\qsqlmysql4.dll MOD - [2011.09.29 12:21:26 | 000,289,120 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\imageformats\qtiff4.dll MOD - [2011.09.29 12:21:22 | 000,026,464 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\imageformats\qsvg4.dll MOD - [2011.09.29 12:21:18 | 000,225,120 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\imageformats\qmng4.dll MOD - [2011.09.29 12:21:16 | 000,201,056 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\imageformats\qjpeg4.dll MOD - [2011.09.29 12:21:12 | 000,033,120 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\imageformats\qico4.dll MOD - [2011.09.29 12:21:08 | 000,031,072 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\imageformats\qgif4.dll MOD - [2011.09.29 12:21:04 | 000,193,376 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\crypto\qca-ossl.dll MOD - [2011.09.29 12:21:02 | 000,159,584 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\codecs\qtwcodecs4.dll MOD - [2011.09.29 12:20:58 | 000,082,272 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\codecs\qkrcodecs4.dll MOD - [2011.09.29 12:20:54 | 000,172,384 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\codecs\qjpcodecs4.dll MOD - [2011.09.29 12:20:50 | 000,146,272 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\codecs\qcncodecs4.dll MOD - [2011.09.29 12:20:48 | 000,053,600 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\bearer\qnativewifibearer4.dll MOD - [2011.09.29 12:20:44 | 000,051,040 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\plugins\bearer\qgenericbearer4.dll MOD - [2011.09.29 12:20:32 | 004,460,896 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\mysql\bin\TeamDrive2Database.exe MOD - [2011.09.29 12:20:10 | 002,555,744 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\QtXmlPatterns4.dll MOD - [2011.09.29 12:20:06 | 000,344,416 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\QtXml4.dll MOD - [2011.09.29 12:20:02 | 010,697,056 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\QtWebKit4.dll MOD - [2011.09.29 12:19:58 | 000,280,928 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\QtSvg4.dll MOD - [2011.09.29 12:19:54 | 000,191,328 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\QtSql4.dll MOD - [2011.09.29 12:19:52 | 000,974,176 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\QtNetwork4.dll MOD - [2011.09.29 12:19:48 | 007,955,296 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\QtGui4.dll MOD - [2011.09.29 12:19:44 | 002,252,640 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\QtCore4.dll MOD - [2011.09.29 12:19:40 | 000,725,344 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\qca.dll MOD - [2011.09.29 12:19:36 | 002,265,440 | ---- | M] () -- C:\Users\Tina\TeamDrive2.0\bin\LIBMYSQL.dll MOD - [2011.07.21 04:41:54 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.19 19:11:34 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.06.09 17:54:22 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.08.01 09:12:52 | 001,338,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService) SRV:64bit: - [2011.08.01 09:12:50 | 001,978,256 | ---- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService) SRV:64bit: - [2011.08.01 09:12:46 | 000,317,328 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService) SRV:64bit: - [2011.02.08 15:00:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.10.08 01:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2010.06.15 16:50:10 | 000,823,288 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.07.20 19:14:53 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011.03.13 09:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.01.31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service) SRV - [2011.01.12 17:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2011.01.06 06:46:48 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011.01.06 06:46:46 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2011.01.05 14:23:58 | 000,867,712 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.11.19 19:19:48 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.11.17 05:39:36 | 000,316,272 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Acer Bio Protection\EgisService.exe -- (EgisTec Service) SRV - [2010.11.17 05:38:44 | 000,257,904 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service) SRV - [2010.08.10 10:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.01.30 00:52:58 | 000,260,640 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2011.12.08 23:36:47 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.07.20 18:59:27 | 000,036,656 | ---- | M] (EgisTec) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.03.23 05:03:05 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2011.03.23 05:03:05 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2011.03.23 05:03:05 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV:64bit: - [2011.03.13 09:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.03.13 09:58:44 | 000,201,376 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.03.13 09:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.03.13 09:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.03.13 09:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.03.13 09:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.03.13 09:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.10 05:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2011.03.10 05:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2011.02.16 15:53:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM) DRV:64bit: - [2011.02.08 15:52:26 | 009,078,272 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2011.02.08 14:23:04 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2011.01.12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.01.06 06:46:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.18 15:29:30 | 001,401,392 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.11.17 00:04:32 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010.10.10 21:56:00 | 000,053,248 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie) DRV:64bit: - [2010.10.08 19:41:00 | 000,070,144 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci) DRV:64bit: - [2010.10.08 01:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.10.06 10:55:54 | 000,406,120 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.09.30 06:00:06 | 000,180,736 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.09.30 06:00:06 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.09.15 19:09:42 | 000,096,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdxc64.sys -- (risdxc) DRV:64bit: - [2010.07.15 22:57:34 | 002,350,952 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010.05.15 16:30:52 | 000,458,840 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant) DRV:64bit: - [2009.12.25 07:09:56 | 000,012,112 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhidma.sys -- (enecirhidma) DRV:64bit: - [2009.12.25 07:09:48 | 000,020,304 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\enecirhid.sys -- (enecirhid) DRV:64bit: - [2009.12.25 07:09:36 | 000,076,112 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\enecir.sys -- (enecir) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2010.06.15 16:49:48 | 000,033,528 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ASPI32.SYS -- (ASPI) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12" FF - prefs.js..browser.startup.homepage: "hxxp://www.portalkunstgeschichte.de" FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.02.12 02:40:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\Acer Bio Protection\FFExt [2011.07.20 19:17:01 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2011.10.05 19:01:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.29 10:55:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox [2012.01.08 20:29:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.02.12 02:19:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 01:07:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.23 21:15:23 | 000,000,000 | ---D | M] [2011.09.29 19:28:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\mozilla\Extensions [2012.02.12 02:19:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\u6fh7ikd.default\extensions [2011.12.25 12:26:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\u6fh7ikd.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.02.12 02:19:14 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Tina\AppData\Roaming\mozilla\Firefox\Profiles\u6fh7ikd.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2012.01.16 13:50:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.05 19:01:10 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX () (No name found) -- C:\USERS\TINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U6FH7IKD.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.02.12 01:07:31 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.04.14 13:01:38 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll [2011.12.10 23:01:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2011.09.23 02:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.23 02:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.09.23 02:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.09.23 02:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.23 02:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.23 02:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Acer Bio Protection\x64\EgisPBIE.dll (Egis Technology Inc.) O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (215 Apps) O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\Acer Bio Protection\EgisPBIE.dll (Egis Technology Inc.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\Acer Bio Protection\EgisTSR.exe (Egis Technology Inc. ) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - Startup: C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive2.lnk = C:\Users\Tina\TeamDrive2.0\bin\TeamDrive2.exe (TeamDrive Systems GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{362628DA-F123-4DF8-91AE-26720E8C7478}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{31504807-500c-11e1-986b-b870f4af0453}\Shell - "" = AutoRun O33 - MountPoints2\{31504807-500c-11e1-986b-b870f4af0453}\Shell\AutoRun\command - "" = D:\unlock.exe autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeCS5.5ServiceManager - hkey= - key= - File not found MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: ArcadeMovieService - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: MDS_Menu - hkey= - key= - C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Speech Recognition - hkey= - key= - C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: SwitchBoard - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.02.12 16:03:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe [2012.02.12 02:19:42 | 000,000,000 | ---D | C] -- C:\Users\Tina\Documents\ForceField Shared Files [2012.02.12 02:19:42 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\CheckPoint [2012.02.12 02:19:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2012.02.12 02:19:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ZoneAlarm-Sicherheit [2012.02.12 02:19:02 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint [2012.02.12 02:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm [2012.02.12 02:18:59 | 000,046,592 | ---- | C] (Zone Labs Inc.) -- C:\Windows\SysWow64\vsutil_loc0407.dll [2012.02.12 02:18:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ZoneLabs [2012.02.12 02:18:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zone Labs [2012.02.12 02:18:21 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint [2012.02.12 02:18:20 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2012.02.12 01:59:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Tina\Desktop\dds.com [2012.02.05 23:38:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.02.05 19:41:57 | 000,000,000 | ---D | C] -- C:\Program Files\WDCSAM [2012.02.04 14:14:49 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Tina\Desktop\HiJackThis204.exe [2012.01.31 16:13:05 | 000,362,200 | ---- | C] (ComponentOne) -- C:\Windows\SysWow64\VSPRINT7.ocx [2012.01.31 16:13:05 | 000,173,784 | ---- | C] (ComponentOne ) -- C:\Windows\SysWow64\VSPDF.ocx [2012.01.31 16:13:05 | 000,155,648 | ---- | C] (Tools & Components) -- C:\Windows\SysWow64\sevList32.ocx [2012.01.31 16:13:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Astrocontact Astroplus [2012.01.31 16:13:04 | 000,200,704 | ---- | C] (vbAccelerator) -- C:\Windows\SysWow64\vbalExpBar6.ocx [2012.01.31 16:13:04 | 000,040,960 | ---- | C] (<none>) -- C:\Windows\SysWow64\SSubTmr6.dll [2012.01.31 13:15:42 | 000,000,000 | ---D | C] -- C:\Astrocontact [2012.01.28 17:01:27 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\{A5F75EF2-E68A-47FF-A3C4-AF5990F686EF} [2012.01.28 17:01:11 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\{0ACFA508-DFE8-4EF7-ACCC-024637405542} [2012.01.23 22:12:19 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\{AEB54A5D-0F3B-43F1-8C57-C934983DF051} [2012.01.23 22:11:41 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\{7A9B632E-5E4A-4AFA-A61A-0EEF3F286B95} [2012.01.23 22:11:30 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\{448300B8-7474-4A67-A0FD-FC9369449D42} [2012.01.23 22:11:02 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\{A10C10BA-3D81-4AF2-A3AA-60ECD359EBD8} [2012.01.23 22:10:51 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Local\{7F13EE80-F861-4168-9F20-3A0D3A4191A6} [2012.01.20 01:13:58 | 000,000,000 | ---D | C] -- C:\Users\Tina\AppData\Roaming\TuneUp Software [2012.01.20 01:12:53 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2012.01.20 01:12:46 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2011.07.20 19:02:51 | 000,059,992 | ---- | C] ( ) -- C:\Windows\AutosetFrequency.exe [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.02.12 16:04:11 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Tina\Desktop\OTL.exe [2012.02.12 14:32:50 | 000,000,000 | ---- | M] () -- C:\Users\Tina\defogger_reenable [2012.02.12 13:35:37 | 000,009,000 | ---- | M] () -- C:\Users\Tina\Desktop\Logfiles.zip [2012.02.12 13:12:26 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 13:12:26 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.02.12 13:05:46 | 000,001,814 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive2.lnk [2012.02.12 13:04:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.02.12 02:19:52 | 000,420,800 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.02.12 02:19:00 | 000,005,977 | ---- | M] () -- C:\Windows\SysWow64\vsconfig.xml [2012.02.12 01:59:59 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Tina\Desktop\dds.com [2012.02.12 01:59:18 | 000,050,477 | ---- | M] () -- C:\Users\Tina\Desktop\Defogger.exe [2012.02.12 01:37:23 | 004,869,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.02.11 17:49:07 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.02.11 17:49:07 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.02.11 17:49:07 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.02.11 17:49:07 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.02.11 17:49:07 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.02.11 13:54:09 | 000,007,606 | ---- | M] () -- C:\Users\Tina\AppData\Local\Resmon.ResmonCfg [2012.02.08 16:32:07 | 000,003,070 | ---- | M] () -- C:\Windows\ASTPLUS.INI [2012.02.08 16:32:07 | 000,000,086 | ---- | M] () -- C:\Windows\astagctl.ini [2012.02.06 00:21:54 | 000,000,020 | ---- | M] () -- C:\Windows\TùE [2012.02.04 14:14:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Tina\Desktop\HiJackThis204.exe [2012.02.04 14:08:10 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2012.02.01 10:53:02 | 000,000,124 | ---- | M] () -- C:\Windows\wininit.ini [2012.02.01 10:52:59 | 000,000,997 | ---- | M] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.01.31 16:49:00 | 000,086,289 | ---- | M] () -- C:\Users\Tina\Documents\Transitprognose Tina.pdf [2012.01.31 16:48:08 | 000,076,678 | ---- | M] () -- C:\Users\Tina\Documents\Beruf-Tina.pdf [2012.01.31 16:42:58 | 000,191,265 | ---- | M] () -- C:\Users\Tina\Documents\Cortesi_Lang_Tina.pdf [2012.01.31 16:13:05 | 000,001,751 | ---- | M] () -- C:\Users\Public\Desktop\Astroplus.lnk [2012.01.31 16:13:05 | 000,001,741 | ---- | M] () -- C:\Users\Public\Desktop\Astroplus (classic Design).lnk [2012.01.31 16:13:05 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\Planetary Hours.lnk [2012.01.23 16:04:08 | 246,713,734 | ---- | M] () -- C:\Users\Tina\Desktop\CLOVIO-VORTRAG.pdf [2012.01.22 17:33:30 | 002,074,295 | ---- | M] () -- C:\Users\Tina\Desktop\Weltkunst Nr.11-11.pdf [2012.01.22 17:33:22 | 000,011,690 | ---- | M] () -- C:\Users\Tina\Desktop\**** Nach dem Urteil.pdf [2012.01.20 15:13:34 | 000,033,303 | ---- | M] () -- C:\Users\Tina\Desktop\ART Magazin Kunstverein Freiburg - _Das Thema Kunst und Fälschung hat Potenzial.pdf [2012.01.20 15:08:09 | 005,777,702 | ---- | M] () -- C:\Users\Tina\Desktop\***_kunstchronik64.pdf [2012.01.19 17:33:08 | 003,449,288 | ---- | M] () -- C:\Users\Tina\Desktop\Semir zeki art and the brain 1998.PDF [2012.01.19 15:35:13 | 000,021,869 | ---- | M] () -- C:\Users\Tina\Desktop\_PM-Zivilprozess Trasteco gegen Lempertz.pdf [2012.01.19 14:14:38 | 000,495,198 | ---- | M] () -- C:\Users\Tina\Desktop\schutz des kulturgutes.PDF [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.02.12 14:32:50 | 000,000,000 | ---- | C] () -- C:\Users\Tina\defogger_reenable [2012.02.12 13:35:37 | 000,009,000 | ---- | C] () -- C:\Users\Tina\Desktop\Logfiles.zip [2012.02.12 02:19:00 | 000,005,977 | ---- | C] () -- C:\Windows\SysWow64\vsconfig.xml [2012.02.12 02:18:48 | 000,420,800 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml [2012.02.12 01:59:18 | 000,050,477 | ---- | C] () -- C:\Users\Tina\Desktop\Defogger.exe [2012.02.12 01:35:14 | 004,869,192 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.02.11 13:54:09 | 000,007,606 | ---- | C] () -- C:\Users\Tina\AppData\Local\Resmon.ResmonCfg [2012.02.06 00:21:51 | 000,000,020 | ---- | C] () -- C:\Windows\TùE [2012.02.01 10:53:02 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini [2012.01.31 16:49:00 | 000,086,289 | ---- | C] () -- C:\Users\Tina\Documents\Transitprognose Tina.pdf [2012.01.31 16:48:07 | 000,076,678 | ---- | C] () -- C:\Users\Tina\Documents\Beruf-Tina.pdf [2012.01.31 16:42:57 | 000,191,265 | ---- | C] () -- C:\Users\Tina\Documents\Cortesi_Lang_Tina.pdf [2012.01.31 16:20:25 | 000,000,086 | ---- | C] () -- C:\Windows\astagctl.ini [2012.01.31 16:13:05 | 000,001,751 | ---- | C] () -- C:\Users\Public\Desktop\Astroplus.lnk [2012.01.31 16:13:05 | 000,001,741 | ---- | C] () -- C:\Users\Public\Desktop\Astroplus (classic Design).lnk [2012.01.31 16:13:05 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\Planetary Hours.lnk [2012.01.31 16:13:04 | 000,544,256 | ---- | C] () -- C:\Windows\SysWow64\janGraphics.dll [2012.01.31 16:13:04 | 000,245,760 | ---- | C] () -- C:\Windows\SysWow64\ActMenu.ocx [2012.01.31 16:13:04 | 000,031,232 | ---- | C] () -- C:\Windows\SysWow64\PicFX.dll [2012.01.31 14:35:04 | 000,003,070 | ---- | C] () -- C:\Windows\ASTPLUS.INI [2012.01.23 16:04:56 | 246,713,734 | ---- | C] () -- C:\Users\Tina\Desktop\CLOVIO-VORTRAG.pdf [2012.01.22 17:33:28 | 002,074,295 | ---- | C] () -- C:\Users\Tina\Desktop\Weltkunst Nr.11-11.pdf [2012.01.22 17:33:22 | 000,011,690 | ---- | C] () -- C:\Users\Tina\Desktop\****Nach dem Urteil.pdf [2012.01.20 22:33:32 | 025,972,132 | ---- | C] () -- C:\Users\Tina\Desktop\VN850002.WMA [2012.01.20 15:13:31 | 000,033,303 | ---- | C] () -- C:\Users\Tina\Desktop\ART Magazin Kunstverein Freiburg - _Das Thema Kunst und Fälschung hat Potenzial.pdf [2012.01.20 15:04:58 | 005,777,702 | ---- | C] () -- C:\Users\Tina\Desktop\****kunstchronik64.pdf [2012.01.19 22:30:34 | 000,001,814 | ---- | C] () -- C:\Users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TeamDrive2.lnk [2012.01.19 17:34:13 | 003,449,288 | ---- | C] () -- C:\Users\Tina\Desktop\Semir zeki art and the brain 1998.PDF [2012.01.19 15:35:11 | 000,021,869 | ---- | C] () -- C:\Users\Tina\Desktop\_PM-Zivilprozess Trasteco gegen Lempertz.pdf [2012.01.19 14:18:25 | 000,495,198 | ---- | C] () -- C:\Users\Tina\Desktop\schutz des kulturgutes.PDF [2011.12.07 15:19:51 | 000,000,000 | ---- | C] () -- C:\Windows\BisMasClient.INI [2011.11.19 20:42:53 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2011.11.19 20:42:48 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.11.19 20:42:48 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.11.19 20:42:47 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2011.10.05 19:23:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.07.20 19:09:21 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.07.20 19:02:51 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe [2011.07.20 19:02:51 | 000,193,400 | ---- | C] () -- C:\Windows\flicker.dll [2011.07.20 19:02:51 | 000,066,424 | ---- | C] () -- C:\Windows\setpwlin.exe [2011.07.20 19:02:51 | 000,000,673 | ---- | C] () -- C:\Windows\AutoSetFrequency.ini [2011.07.20 19:02:51 | 000,000,378 | ---- | C] () -- C:\Windows\PidList.ini [2011.07.20 19:00:30 | 000,003,126 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.04.22 07:47:43 | 000,003,126 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.03.23 05:12:32 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.03.23 04:36:27 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2012.02.04 14:13:18 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Azureus [2012.02.12 02:19:42 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\CheckPoint [2011.11.03 11:28:07 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.02.12 13:05:43 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Dropbox [2011.11.20 16:43:35 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Foxit Software [2011.10.05 17:49:10 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\newsXpresso [2011.10.09 18:20:44 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\pdfforge [2011.09.29 19:04:03 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\PowerCinema [2012.01.28 12:38:05 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Swiss Academic Software [2012.02.12 13:05:52 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\TeamDrive [2012.01.20 01:13:58 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\TuneUp Software [2011.11.12 12:31:15 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\Windows Live Writer [2011.12.04 14:24:31 | 000,000,000 | ---D | M] -- C:\Users\Tina\AppData\Roaming\XMedia Recode [2011.12.01 09:48:47 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2011.10.05 22:12:32 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.09.29 22:03:11 | 000,000,000 | -H-D | M] -- C:\Acer Demo [2012.01.31 13:15:42 | 000,000,000 | ---D | M] -- C:\Astrocontact [2011.07.20 18:51:59 | 000,000,000 | ---D | M] -- C:\book [2012.02.06 00:50:29 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.09.29 18:16:08 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.03.23 04:26:51 | 000,000,000 | ---D | M] -- C:\Intel [2011.10.05 19:17:01 | 000,000,000 | RH-D | M] -- C:\MSOCache [2011.09.29 18:18:00 | 000,000,000 | -H-D | M] -- C:\OEM [2012.02.11 18:13:04 | 000,000,000 | -H-D | M] -- C:\PerfLogs [2012.02.12 02:19:02 | 000,000,000 | R--D | M] -- C:\Program Files [2012.02.12 02:19:10 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.02.12 02:18:21 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.09.29 18:16:08 | 000,000,000 | -HSD | M] -- C:\Programme [2011.09.29 18:16:08 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.02.12 16:10:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.09.29 18:16:14 | 000,000,000 | R--D | M] -- C:\Users [2011.12.22 15:32:33 | 000,000,000 | ---D | M] -- C:\Western Digital [2012.02.12 02:21:24 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2011.01.12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys [2011.01.12 16:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll < %USERPROFILE%\*.* > [2012.02.12 14:32:50 | 000,000,000 | ---- | M] () -- C:\Users\Tina\defogger_reenable [2012.02.12 16:10:28 | 002,621,440 | -HS- | M] () -- C:\Users\Tina\NTUSER.DAT [2012.02.12 16:10:28 | 000,262,144 | -HS- | M] () -- C:\Users\Tina\ntuser.dat.LOG1 [2011.09.29 18:16:24 | 000,000,000 | -HS- | M] () -- C:\Users\Tina\ntuser.dat.LOG2 [2012.01.21 18:35:00 | 000,000,000 | -HS- | M] () -- C:\Users\Tina\NTUSER.DAT_tureg_new.LOG1 [2012.01.21 18:35:00 | 000,000,000 | -HS- | M] () -- C:\Users\Tina\NTUSER.DAT_tureg_new.LOG2 [2012.01.21 18:32:37 | 002,621,440 | -HS- | M] () -- C:\Users\Tina\NTUSER.DAT_tureg_old [2011.09.29 18:28:28 | 000,065,536 | -HS- | M] () -- C:\Users\Tina\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.09.29 18:28:28 | 000,524,288 | -HS- | M] () -- C:\Users\Tina\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.09.29 18:28:28 | 000,524,288 | -HS- | M] () -- C:\Users\Tina\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.01.21 23:53:42 | 000,065,536 | -HS- | M] () -- C:\Users\Tina\NTUSER.DAT{f9773e9c-4455-11e1-a2ea-806e6f6e6963}.TM.blf [2012.01.21 23:53:42 | 000,524,288 | -HS- | M] () -- C:\Users\Tina\NTUSER.DAT{f9773e9c-4455-11e1-a2ea-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2012.01.21 23:53:42 | 000,524,288 | -HS- | M] () -- C:\Users\Tina\NTUSER.DAT{f9773e9c-4455-11e1-a2ea-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2010.11.21 03:50:53 | 000,000,020 | -HS- | M] () -- C:\Users\Tina\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > < End of report > |
|
12.02.2012, 17:30
| #5 |
| /// Malware-holic | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastetCombofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.02.2012, 18:08
| #6 |
| | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet Hi Marcus, Ich habe alles wie in dem Tutorial erklärt ausgeführt und jetzt funktioniert weder firefox noch IExplorer. Die Meldung, die erscheint lautet: Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde. Wenn ich auf ok klicke erscheint: Dieses Element kann nicht geöffnet werden. Möglicherweise wurde es verschoben, umbenannt oder gelöscht. Möchten Sie dieses Element entfernen? Danach klicke ich auf nein. Wie komme ich denn jetzt ins Netz, um dir den Log con ComboFix zu schicken?? Gruß Tina |
|
12.02.2012, 18:10
| #7 |
| | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet Oh je, das erscheint mittlerweile bei allen Programmen, sogar bei der Combofix.txt wenn ich sie anklicke. Hilfe |
|
12.02.2012, 18:13
| #8 |
| /// Malware-holic | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet bitte mal neustarten dann gehts wieder.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.02.2012, 18:18
| #9 |
| | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet Danke Marcus!! Es halt geholfen Puuhh :-D Anbei das Logfile: Combofix Logfile: Code:
ATTFilter ComboFix 12-02-10.03 - Tina 12.02.2012 17:43:46.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8174.5141 [GMT 1:00]
ausgeführt von:: c:\users\Tina\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\RewardsArcade
c:\program files (x86)\RewardsArcade\appAPIinternalWrapper.js
c:\program files (x86)\RewardsArcade\fb.js
c:\program files (x86)\RewardsArcade\jquery.js
c:\program files (x86)\RewardsArcade\json.js
c:\program files (x86)\RewardsArcade\RewardsArcade.dll
c:\program files (x86)\RewardsArcade\RewardsArcade.exe
c:\program files (x86)\RewardsArcade\Uninstall.exe
c:\program files (x86)\RewardsArcade\UserConfirmation.exe
c:\programdata\FullRemove.exe
c:\users\Tina\AppData\Local\assembly\tmp
c:\windows\security\Database\tmp.edb
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-01-12 bis 2012-02-12 ))))))))))))))))))))))))))))))
.
.
2012-02-12 16:47 . 2012-02-12 16:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-12 01:19 . 2012-02-12 01:19 -------- d-----w- c:\users\Tina\AppData\Roaming\CheckPoint
2012-02-12 01:19 . 2012-02-12 01:19 -------- d-----w- c:\program files (x86)\Conduit
2012-02-12 01:19 . 2012-02-12 01:19 -------- d-----w- c:\program files (x86)\ZoneAlarm-Sicherheit
2012-02-12 01:19 . 2012-02-12 01:19 -------- d-----w- c:\program files\CheckPoint
2012-02-10 19:12 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CF442FF-2798-4CAA-93BF-7D122029987E}\mpengine.dll
2012-02-05 18:41 . 2012-02-05 18:41 -------- d-----w- c:\program files\WDCSAM
2012-01-31 12:15 . 2000-07-14 22:00 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL
2012-01-31 12:15 . 2012-01-31 12:15 -------- d-----w- C:\Astrocontact
2012-01-20 00:13 . 2012-01-20 00:13 -------- d-----w- c:\users\Tina\AppData\Roaming\TuneUp Software
2012-01-20 00:12 . 2012-01-20 00:14 -------- d-----w- c:\programdata\TuneUp Software
2012-01-20 00:12 . 2012-01-20 00:12 -------- d-sh--w- c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-01-16 12:50 . 2012-02-12 00:07 45016 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-16 12:50 . 2012-01-16 12:50 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-16 12:50 . 2012-01-16 12:50 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-16 12:50 . 2012-01-16 12:50 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-26 23:52 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 22:01 . 2011-12-10 22:01 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-12-10 18:56 . 2011-12-10 18:56 230864 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2011-12-08 22:36 . 2011-11-28 14:23 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-11-24 04:52 . 2011-12-16 00:05 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-20 12:23 . 2011-10-04 17:43 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-11-20 12:22 . 2011-10-04 17:43 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-11-20 12:22 . 2011-10-07 11:56 1092400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-19 14:58 . 2012-01-11 09:52 77312 ----a-w- c:\windows\system32\packager.dll
2011-11-19 14:01 . 2012-01-11 09:52 67072 ----a-w- c:\windows\SysWow64\packager.dll
2011-11-17 06:41 . 2012-01-11 09:52 1731920 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:38 . 2012-01-11 09:52 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2011-11-16 10:13 . 2011-09-29 18:14 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-11-16 10:13 . 2011-09-29 18:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-11-16 10:13 . 2011-09-29 18:14 1092400 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-09-28 340336]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-10-19 407920]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-10-19 201584]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-11-19 265984]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-02-08 336384]
"VitaKeyTSR"="c:\program files (x86)\Acer Bio Protection\EgisTSR.exe" [2010-11-17 189296]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2010-06-28 1043968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
c:\users\Tina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Tina\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-1-18 24246216]
TeamDrive2.lnk - c:\users\Tina\TeamDrive2.0\bin\TeamDrive2.exe [2011-9-29 13764960]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\drivers\enecirhid.sys [x]
R3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\drivers\enecirhidma.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-10-08 150016]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\Acer Bio Protection\EgisService.exe [2010-11-17 316272]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-11-17 257904]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-01-05 867712]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2010-06-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2010-06-15 823288]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-01-31 244624]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-11-19 255744]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimspe64.sys [x]
S2 risdxc;risdxc;c:\windows\system32\drivers\risdxc64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\drivers\rixdpe64.sys [x]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2010-01-29 260640]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-01-06 2656280]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [x]
S3 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Tina\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-10-26 11543656]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-10-26 2181224]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-09 206208]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-01-05 860040]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2010-06-15 1123320]
"combofix"="c:\combofix\CF12597.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Tina\AppData\Roaming\Mozilla\Firefox\Profiles\u6fh7ikd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.portalkunstgeschichte.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-RewardsArcade - c:\program files (x86)\RewardsArcade\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\0a\03\05\10\0a\0b?"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-12 17:54:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-02-12 16:54
.
Vor Suchlauf: 9 Verzeichnis(se), 409.859.092.480 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 409.420.812.288 Bytes frei
.
- - End Of File - - D68EB9DCEBE9A8270CD783837DB9FD1D
|
|
12.02.2012, 18:23
| #10 |
| /// Malware-holic | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet sieht soweit unauffällig aus. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
12.02.2012, 23:18
| #11 |
| | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet Hi Markus, anbei das Logfile: Malwarebytes Anti-Malware (Test) 1.60.1.1000 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: v2012.02.12.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Tina :: TINA-PC [Administrator] Schutz: Aktiviert 12.02.2012 22:27:26 mbam-log-2012-02-12 (22-27-26).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 338155 Laufzeit: 46 Minute(n), 6 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 14 C:\Users\Tina\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 48 C:\Users\Tina\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\dialog.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-min.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.css (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\b.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\bl.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\br.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\closelabel.gif (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\loading.gif (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tl.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images\tr.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\panelarrow-up.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\popup_binding.xml (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Tina\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
13.02.2012, 11:21
| #12 |
| /// Malware-holic | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet bisher wurde nur adware gefunden. gibts denn schon ne besserung? lade den CCleaner standard: CCleaner Download - CCleaner 3.15.1643 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.02.2012, 12:00
| #13 |
| | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet Hi Markus, ich hatte gestern Abend den Eindruck, es sei besser geworden bis ich ein PDF-Dokument in Firefox geöffnet habe und das Spiel von vorne losging. Ich finde für diesen Laptop braucht er auch viel zu lange um Hochzufahren ( ca. 4 Minuten) und Firefox öffnet sich erst nach 3 Minuten nach dem Anklicken. Der Lüfter läuft auch deutlich hörbarer als am Anfang. Anbei die Liste aus CCleaner: Vielen Dank! Viele Grüße Tina |
|
13.02.2012, 12:24
| #14 |
| /// Malware-holic | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet wie alt ist das gerät denn? ist noch garantie drauf. ich frage deswegen, es könnte sein, das sich da schon dreck drinnen gesammelt hatt, wenn der laptop leicht zu öffnen ist, sollte man ihn vllt auch mal von innen reinigen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
13.02.2012, 12:27
| #15 |
| | Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet Das Gerät habe ich im September letzten Jahres gekauft also gerade mal 5 Monate alt. Es ist ein Acer Aspire 5950G. Wie öffne ich den denn, um den Lüfter oder generell um ihn zu reinigen? |
|
| Themen zu Laptop wird nach 2 Stunden sehr langsam, Arbeitsspeicher zu 99 % ausgelastet |
| ablauf, acer, ausgelastet, avira, ccleaner, festplatte, firefox, folge, forum, herunterfahren, hilfe!, iexplorer, internet, langsam, langsamer, laptop, löschen, maus, meldung, nicht mehr, problem, reagiert nicht mehr, scan, sehr langsam, surfen, virenscanner, virus |
Linear-Darstellung
