Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)

Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)


Plagegeister aller Art und deren Bekämpfung: Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 17.02.2013, 20:17   #1
lagottesca
 
Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates) - Standard

Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)


Hallo in die Runde,

habe folgendes Problem: Mein geliebtes Acer-Timeline-Netbook unter Windows 7 (32-bit) verhält sich von einem Tag auf den anderen merkwürdig: Alles reagiert/lädt quälend langsam. Zuvor wurde über die automatische Update-Version eine relativ große Anzahl von Updates installiert. Bin mir aber nicht sicher, ob ein Zusammenhang dazu besteht.

Das Phänomen ist zwischenzeitlich auch unvermittelt verschwunden, aber genauso unvermittelt wieder aufgetreten.

Mein Virenscanner (Avira) meldet keine Probleme; ich habe Scans mit ein paar Malware-Tools (Malwarebytes, Spybot, Emsisoft) gemacht, die auch ein paar kleine Probleme behoben, aber wohl nichts Kritisches gefunden haben.

Das Ergebnis des OTL-SCANS kann ich nicht wirklich interpretieren. Kann jemand mal einen Blick darauf werfen und mit ein paar Tipps zu vorhandenen Problemen und deren Lösungen geben? Wäre super nett...

Danke, lagrottesca

Hier der Inhalt der OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.02.2013 22:22:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Userin\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 41,96% Memory free
3,87 Gb Paging File | 2,17 Gb Available in Paging File | 56,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,88 Gb Total Space | 114,08 Gb Free Space | 51,65% Space Free | Partition Type: NTFS
Drive D: | 3,63 Gb Total Space | 3,10 Gb Free Space | 85,37% Space Free | Partition Type: FAT32
Drive W: | 5,25 Gb Total Space | 5,19 Gb Free Space | 98,95% Space Free | Partition Type: FAT32
 
Computer Name: Userin-Rotbart | User Name: Userin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Userin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe (Adobe Systems Incorporated)
PRC - C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\phonostar-Player\phonostarTimer.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Users\Userin\AppData\Roaming\Wuala\Wuala.exe (LaCie)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\schtasks.exe (Microsoft Corporation)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer ePower Management\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\WerFault.exe (Microsoft Corporation)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Programme\ABBYY Screenshot Reader\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Programme\Selective Suspend Driver\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Programme\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Userin\AppData\Local\Temp\proxy_util_w32.dll ()
MOD - C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
MOD - c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\proxy_util_w32.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\jnotify.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\jcbfs3.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\orangevolt-4n-1.1.2.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\USBDiscovery.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\DiscoveryJNI.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\PAL.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\NetworkProtocol.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\Discovery.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\NetworkDiscovery.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\bwSerialize.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\bwWualaID.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\bwDeviceIdentification.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\bwMeMyselfAndI.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\bwGenericID.dll ()
MOD - C:\Users\Userin\AppData\Local\Wuala\Program0\lib.429\LoggerJNI.dll ()
MOD - C:\Programme\phonostar-Player\phonostarTimer.exe ()
MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Programme\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (XJ) -- C:\Users\Userin\AppData\Local\Temp\XJ.exe File not found
SRV - (NIPTXUZZ) -- C:\Users\Userin\AppData\Local\Temp\NIPTXUZZ.exe File not found
SRV - (KYYQHQZ) -- C:\Users\Userin\AppData\Local\Temp\KYYQHQZ.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (ABBYY.Licensing.FineReader.ScreenshotReader.9.0) -- C:\Programme\ABBYY Screenshot Reader\NetworkLicenseServer.exe (ABBYY)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (RS_Service) -- C:\Programme\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (CVPND) -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (AVM IGD CTRL Service) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (de_serv) -- C:\Programme\Common Files\AVM\De_serv.exe (AVM Berlin)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (cbfs3) -- C:\Windows\System32\drivers\cbfs3.sys (EldoS Corporation)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NETw5s32) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (SSUSB) -- C:\Windows\System32\drivers\SSUSB.sys (Alcor Micro, Corp.)
DRV - (SSDISK) -- C:\Windows\System32\drivers\SSDISK.sys (Alcor Micro, Corp.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (DPMemGridVista) -- C:\Programme\GridVista\DPMemGridVista.sys (Dritek System Inc.)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI)
DRV - (sscdbus) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI)
DRV - (CPen20) -- C:\Windows\System32\drivers\CPen20.sys (Anoto)
DRV - (pendfu) -- C:\Windows\System32\drivers\pendfu.sys (Anoto AB)
DRV - (int15.sys) -- C:\Windows\System32\OEM\factory\int15.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810t&r=2v3508099116l0373zqi5w47l1r546
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810t&r=2v3508099116l0373zqi5w47l1r546
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4112_1&babsrc=HP_clro&mntrId=b24612e00000000000000022fb5b3f73
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_1810t&r=2v3508099116l0373zqi5w47l1r546
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4112_1&babsrc=SP_clro&mntrId=b24612e00000000000000022fb5b3f73
IE - HKCU\..\SearchScopes\{18E64F51-9B7E-4F83-9F55-147252335E19}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE353
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{753359EA-0155-484C-ACDB-C8835E2EBF32}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{841B740A-970B-45F9-AC03-3F5B4FDE0747}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{D303ED04-4AFE-4D2B-BA0F-64AEEEEA61E2}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\phonostar-Player\npphonostarDetectNP.dll ( )
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.05.30 08:14:40 | 000,000,000 | ---D | M]
 
[2012.10.12 14:47:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Virtual Storage Mount Notification) - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\Selective Suspend Driver\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [phonostar-PlayerTimer] C:\Program Files\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [phonostarTimer] C:\Programme\phonostar-Player\phonostarTimer.exe ()
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\Userin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
O4 - Startup: C:\Users\Userin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Userin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wuala.lnk = C:\Users\Userin\AppData\Roaming\Wuala\Wuala.exe (LaCie)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.191.74.12 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E99820C0-66A5-4471-ABA9-E1614786DC5D}: DhcpNameServer = 213.191.74.12 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\261123~1.78\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.6.1123.78\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\Windows\System32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.16 22:21:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Userin\Desktop\OTL.exe
[2013.02.16 19:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.16 19:27:34 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.02.16 19:27:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.02.16 19:26:45 | 000,000,000 | ---D | C] -- C:\Users\Userin\AppData\Local\Programs
[2013.02.14 13:19:56 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.02.14 13:19:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.02.14 13:19:54 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.02.14 13:19:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.02.14 13:19:53 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.02.14 13:19:52 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.02.14 13:19:52 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.02.14 13:19:50 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.02.13 09:10:22 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.02.13 09:09:47 | 003,967,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.02.13 09:09:45 | 003,913,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.02.13 09:09:41 | 000,187,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2013.02.13 09:09:37 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.02.10 19:04:34 | 000,000,000 | ---D | C] -- C:\Users\Userin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth-Geräte
[2013.01.24 11:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.24 11:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009.12.27 15:25:57 | 000,385,024 | ---- | C] (Sophos Plc) -- C:\Program Files\SavResJap.dll
[2009.12.27 15:25:57 | 000,188,416 | ---- | C] (Sophos Plc) -- C:\Program Files\SavResIt.dll
[2009.12.27 15:25:56 | 000,385,024 | ---- | C] (Sophos Plc) -- C:\Program Files\SavResCht.dll
[2009.12.27 15:25:56 | 000,311,296 | ---- | C] (Sophos Plc) -- C:\Program Files\SavResChs.dll
[2009.12.27 15:25:56 | 000,208,896 | ---- | C] (Sophos Plc) -- C:\Program Files\SavResEsp.dll
[2009.12.27 15:25:56 | 000,204,800 | ---- | C] (Sophos Plc) -- C:\Program Files\SavResFra.dll
[2009.12.27 15:25:56 | 000,196,608 | ---- | C] (Sophos Plc) -- C:\Program Files\SavResDeu.dll
[2009.12.27 15:25:56 | 000,118,784 | ---- | C] (Sophos Plc) -- C:\Program Files\SavResEng.dll
[2009.12.27 15:25:53 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiW.exe
[2009.12.27 15:25:53 | 000,310,312 | ---- | C] (Sophos Plc) -- C:\Program Files\Setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.16 22:21:53 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Userin\Desktop\OTL.exe
[2013.02.16 21:36:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.16 14:32:23 | 000,664,868 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.02.16 14:32:23 | 000,625,010 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.02.16 14:32:23 | 000,135,004 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.02.16 14:32:23 | 000,110,648 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.02.16 13:31:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.15 12:41:22 | 000,003,943 | ---- | M] () -- C:\Users\Userin\.recently-used.xbel
[2013.02.15 09:26:18 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 09:26:18 | 000,011,424 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.15 09:17:47 | 1556,283,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.14 17:09:26 | 000,398,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.02.08 09:57:53 | 000,697,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.02.08 09:57:52 | 000,074,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.01.24 11:19:17 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.15 12:41:22 | 000,003,943 | ---- | C] () -- C:\Users\Userin\.recently-used.xbel
[2013.01.24 11:19:17 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.07.26 06:34:44 | 000,024,064 | ---- | C] () -- C:\Windows\System32\ml285pl3.dll
[2010.04.01 16:36:08 | 000,000,093 | ---- | C] () -- C:\Users\Userin\AppData\Local\fusioncache.dat
[2009.12.27 17:59:38 | 000,009,728 | ---- | C] () -- C:\Users\Userin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.27 15:25:52 | 000,073,384 | R--- | C] () -- C:\Program Files\readsesc_90_eng.html
[2009.12.26 21:44:58 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.15 14:52:32 | 000,000,184 | ---- | C] () -- C:\Users\Userin\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:131C0EE9
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:BB24555F
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:8750DCE4

< End of report >
--- --- ---

Und hier die Extras.txt:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 16.02.2013 22:22:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Userin\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,93 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 41,96% Memory free
3,87 Gb Paging File | 2,17 Gb Available in Paging File | 56,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220,88 Gb Total Space | 114,08 Gb Free Space | 51,65% Space Free | Partition Type: NTFS
Drive D: | 3,63 Gb Total Space | 3,10 Gb Free Space | 85,37% Space Free | Partition Type: FAT32
Drive W: | 5,25 Gb Total Space | 5,19 Gb Free Space | 98,95% Space Free | Partition Type: FAT32
 
Computer Name: Rotbart | User Name: Userin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SynkronDelete] -- "C:\Program Files\Synkron\Synkron.exe" "-delete" "%1" ()
Directory [SynkronRename] -- "C:\Program Files\Synkron\Synkron.exe" "-rename" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{060BAD4A-8F54-48E5-808A-D3E42DB1FFBC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{16C5959A-7FD6-4D9B-ACC8-1F1911AC5700}" = lport=138 | protocol=17 | dir=in | app=system | 
"{1FC43828-9E99-417F-9152-6509D3F98EE6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{203CC2E0-1D93-4491-ACA9-FB20B3E9796F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{2ABF8546-8DB3-4B19-A1D7-62FDDAE6BDE6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2B3FF6ED-135F-4321-A741-47109F882F84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2BBB61B7-9C86-41E7-954E-778492617198}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{34215472-20CA-4850-A9A1-9004C8F8AA77}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{43562FDD-0902-40E7-ADF3-D5A3957255C9}" = rport=138 | protocol=17 | dir=out | app=system | 
"{47A11A76-B994-41F6-8086-03D3D951E458}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{523727AE-297A-4022-A86F-9F3697911BE2}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{59B1097D-840B-4681-91C0-6B1E03273BBB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{60DD9996-1757-4A83-9318-B3A451047550}" = lport=445 | protocol=6 | dir=in | app=system | 
"{60FFB851-F309-4677-A95B-332829F5BD60}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7D8CD504-DC52-47AE-9A33-380833905DFD}" = rport=139 | protocol=6 | dir=out | app=system | 
"{873CA610-DB00-4074-B268-CA44A189F476}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8847C3D7-1DDC-4B90-B83A-C18A2C02D8C7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{9124D24E-574E-48C0-8CCC-75CEA59510AE}" = lport=137 | protocol=17 | dir=in | app=system | 
"{AE092C56-987A-4F0F-B98B-569B41F61BB9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B7C7F9D0-7FF1-4581-9176-CB9EDAB17C92}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CC643257-1B98-4604-9C84-9220A192BC07}" = rport=445 | protocol=6 | dir=out | app=system | 
"{D68B4E06-F5B1-4C47-ADD6-C6A009ADB50E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D89DD9C6-EC2E-490F-A56E-0F7597CDA94F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{EC172AA2-DF17-489D-AD0C-A9B5192FE303}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F01FC741-5E90-4B49-BBAE-4E2CF7294EC4}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08F99553-93F5-4611-A1CE-919A97F62D3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0D28A44C-DCF1-4F59-A405-C896D830FFCB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0F9E89E8-C147-4F64-B11D-5D7F5B202ADD}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe | 
"{11DEDEDC-7197-419C-935C-EE7B6978AE24}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{20042F31-5616-4868-AEFA-5CCDB6EF168A}" = protocol=6 | dir=in | app=c:\users\Userin\programme\audiotranskription\f4\f4.exe | 
"{20BCD440-B403-44A7-A77E-C1ED19FAB7F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{34DDF142-4035-4B88-859D-1C00F4BCEF62}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{37907266-C5AA-4358-B78F-9F466504F7EC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{3C4CF53E-20B6-46E8-BC00-D2B8E5828C27}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4024E495-54BB-4E24-9541-102BBF1511D3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{438F4D99-3C10-4494-B768-C767D5D9A858}" = protocol=17 | dir=in | app=c:\users\Userin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{48475BCD-D48D-4632-879E-9921E304E602}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{501562FD-81C5-4CE0-8A26-9002AC956937}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{52696127-3E41-45BE-A7EA-391F1D70ABD1}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{52E9F7D4-04F3-484C-8DCB-AE93F37F5C8F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{54EFB790-D6C1-4E6A-A2A4-121CBB043647}" = dir=in | app=c:\program files\cyberlink\powerdvd8\powerdvd8.exe | 
"{5E06D5BA-E2F6-42A9-BB60-0887335562CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{61F91CB5-F10F-4BC8-B437-A38221C23011}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{66CB6D2B-E056-4090-9288-27FF1E6BC2E9}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{68269973-B01D-4180-9521-B16AE3BCE647}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe | 
"{6EBD6B10-D025-4F43-A0AD-E16718AEE1B6}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{734F1E22-3429-463E-B4F1-29A8DCFE4D80}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{893D4701-A3A7-4275-8BE6-0223948E6104}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{9C9AA5D3-0F87-4A39-8935-5334B08F8FE8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9C9B4EEC-5378-49CA-9D9A-34B2B4131D67}" = protocol=6 | dir=in | app=c:\users\Userin\appdata\roaming\dropbox\bin\dropbox.exe | 
"{A50A5AFC-14BB-4AA9-85C1-342AC2A3AF57}" = protocol=17 | dir=in | app=c:\users\Userin\programme\audiotranskription\f4\f4.exe | 
"{AD90CCE0-3039-4845-A7B3-4152333CF184}" = protocol=6 | dir=out | app=system | 
"{B267F8F2-2981-4313-B5EA-A544B056CCBB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DE50EC3A-B0CC-44EB-A635-D977B35AD642}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{E0EECB9E-0F02-4271-B956-B74CDE577C4B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F09A297D-7A64-44A1-9539-9BDBAA19944E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F18A1A50-D8FB-482A-8E53-8B0D9F622F35}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"TCP Query User{12331842-9813-4D8C-9319-BF6E563ACB7A}C:\program files\synkron\synkron.exe" = protocol=6 | dir=in | app=c:\program files\synkron\synkron.exe | 
"TCP Query User{2BAA1887-99B4-4C50-84FF-2CE489D089F4}C:\users\Userin\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\Userin\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{393F2313-3696-45C5-AD5C-60ED3F9FA7E4}C:\program files\synkron\synkron.exe" = protocol=6 | dir=in | app=c:\program files\synkron\synkron.exe | 
"TCP Query User{55F22A43-655B-4008-A0B1-206B83E76159}C:\program files\phonostar-player\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"TCP Query User{790D7983-86A7-4953-BF88-A7064F22092B}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"TCP Query User{9045FD5E-22B5-4856-8C88-7E83A33E4B87}C:\users\Userin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\Userin\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{BCCE0253-92B1-42A8-812F-02DAF3BBF41F}C:\users\Userin\downloads\f4\f4.exe" = protocol=6 | dir=in | app=c:\users\Userin\downloads\f4\f4.exe | 
"TCP Query User{C10680B4-C0CB-4587-B2A0-478E857A7424}C:\users\Userin\appdata\roaming\wuala\wuala.exe" = protocol=6 | dir=in | app=c:\users\Userin\appdata\roaming\wuala\wuala.exe | 
"TCP Query User{F59F0BDB-B76A-42AB-9709-ECBD73C284BF}C:\users\Userin\programme\audiotranskription\f4\f4.exe" = protocol=6 | dir=in | app=c:\users\Userin\programme\audiotranskription\f4\f4.exe | 
"UDP Query User{08D7B21C-FACE-4E3D-9AA1-53C04872DAB8}C:\program files\phonostar-player\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\phonostar-player\phonostar.exe | 
"UDP Query User{1666ACAD-6C0B-4313-AB7F-039E82AE7A22}C:\users\Userin\programme\audiotranskription\f4\f4.exe" = protocol=17 | dir=in | app=c:\users\Userin\programme\audiotranskription\f4\f4.exe | 
"UDP Query User{1A23C0D8-2E24-47E6-A8F9-9715A8F9FD27}C:\program files\synkron\synkron.exe" = protocol=17 | dir=in | app=c:\program files\synkron\synkron.exe | 
"UDP Query User{4897B7CE-A51D-412A-9C3E-503D4B45F18B}C:\users\Userin\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\Userin\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{4CADF0ED-FB5E-4FE8-88A1-F69BE31817AD}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"UDP Query User{C1916E5A-185F-4C87-BF09-9F73DB128287}C:\program files\synkron\synkron.exe" = protocol=17 | dir=in | app=c:\program files\synkron\synkron.exe | 
"UDP Query User{E6FCEA65-2CA0-4B8F-AC6E-3F1AE11D23D3}C:\users\Userin\downloads\f4\f4.exe" = protocol=17 | dir=in | app=c:\users\Userin\downloads\f4\f4.exe | 
"UDP Query User{FCB2CEE4-C651-42F3-9898-04425DED8C2D}C:\users\Userin\appdata\roaming\wuala\wuala.exe" = protocol=17 | dir=in | app=c:\users\Userin\appdata\roaming\wuala\wuala.exe | 
"UDP Query User{FD6D5839-0CE9-4A84-B3D9-63343DEC1E04}C:\users\Userin\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\Userin\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = bProtector for Windows
"{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 37
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3134052E-B1F0-465C-B320-5042095B1031}" = Nero 7 Essentials
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F61F885-704C-465A-9FB9-26AEF1D2B2D9}" = Russian Phonetic YaWert - WinRus.com
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{6471B123-F60F-4DC8-8FB4-DE0879A01BB3}" = Alcor Micro Card Rader Driver and Utility
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{735DEB9C-61BD-4D31-994B-92395BBB4E45}" = Microsoft XML Parser
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7F9975A8-C8FF-4C1F-A672-EC4591EB4F03}" = honestech Audio Recorder 2.0 Deluxe
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{94A6BCE1-291D-4BA4-B8CE-C5B169F7A6D4}" = Russian Phonetic Student - WinRus.com
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A0BC5BCD-893F-47F4-8903-FDC7CAC2AFB1}" = honestech Audio Recorder 2.0 Deluxe
"{A1973A71-BC23-4A8C-A0A0-2B0497B7EAF4}" = WISO Sparbuch 2008
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
"{C46B3F2E-877D-460F-9262-99BE7D4ECD8B}" = calibre
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.87.603
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{ED10A1F7-C0D9-44F4-AA62-E6EACFE9188C}" = C-Pen 20
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{F9000000-0015-0000-0000-074957833700}" = ABBYY Screenshot Reader
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Audacity_is1" = Audacity 1.2.6
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner
"DVD Cutter Plus_is1" = DVD Cutter Plus 1.0
"Finale NotePad 2012" = Finale NotePad 2012
"FreePDF_XP" = FreePDF (Remove only)
"FRITZ!DSL" = AVM FRITZ!DSL
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"GridVista" = GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{6471B123-F60F-4DC8-8FB4-DE0879A01BB3}" = Alcor Micro Card Rader Driver and Utility
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.4.4 (Standard)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"MuseScore" = MuseScore 1.2 MuseScore score typesetter
"Opera 12.14.1738" = Opera 12.14
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.02.8
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RealPlayer 15.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Scribus 1.3.3.14" = Scribus 1.3.3.14
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Tomlein.Synkron_is1" = Synkron 1.6.1
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 2.0.2
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"Wuala CBFS" = Wuala CBFS
"Wuala OverlayIcons" = Wuala OverlayIcons
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Wuala" = Wuala
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.12.2012 05:22:21 | Computer Name = Rotbart | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.12.2012 06:28:21 | Computer Name = Rotbart | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.12.2012 04:42:33 | Computer Name = Rotbart | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.12.2012 16:56:49 | Computer Name = Rotbart | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 14.12.2012 17:03:06 | Computer Name = Rotbaer | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Opera.exe, Version: 12.11.1661.0,
 Zeitstempel: 0x50a626f0  Name des fehlerhaften Moduls: Opera.dll, Version: 12.11.1661.0,
 Zeitstempel: 0x50a63621  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000cd0bd  ID des fehlerhaften
 Prozesses: 0x1658  Startzeit der fehlerhaften Anwendung: 0x01cdd9766d6bb4d2  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Opera\Opera.exe  Pfad des fehlerhaften Moduls:
 C:\Program Files\Opera\Opera.dll  Berichtskennung: a791003f-4631-11e2-bd02-00269e0ffb9e
 
Error - 15.12.2012 09:56:32 | Computer Name = Rotbart | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.12.2012 05:25:42 | Computer Name = Rotbart | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 20.12.2012 11:02:29 | Computer Name = Rotbart | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 12.0.6665.5003,
 Zeitstempel: 0x5061d2a8  Name des fehlerhaften Moduls: EXCEL.EXE, Version: 12.0.6665.5003,
 Zeitstempel: 0x5061d2a8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013266  ID des fehlerhaften
 Prozesses: 0x133c  Startzeit der fehlerhaften Anwendung: 0x01cddeb6682afb6c  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE  Pfad des fehlerhaften
 Moduls: C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE  Berichtskennung: 4565e857-4ab6-11e2-af55-00269e0ffb9e
 
Error - 20.12.2012 11:02:59 | Computer Name = Rotbart | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: EXCEL.EXE, Version: 12.0.6665.5003,
 Zeitstempel: 0x5061d2a8  Name des fehlerhaften Moduls: EXCEL.EXE, Version: 12.0.6665.5003,
 Zeitstempel: 0x5061d2a8  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00013266  ID des fehlerhaften
 Prozesses: 0x133c  Startzeit der fehlerhaften Anwendung: 0x01cddeb6682afb6c  Pfad der
 fehlerhaften Anwendung: C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE  Pfad des fehlerhaften
 Moduls: C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE  Berichtskennung: 579464dc-4ab6-11e2-af55-00269e0ffb9e
 
Error - 23.12.2012 10:23:12 | Computer Name = Rotbart | Source = WinMgmt | ID = 10
Description = 
 
Error - 24.12.2012 06:28:35 | Computer Name = Rotbart | Source = WinMgmt | ID = 10
Description = 
 
[ OSession Events ]
Error - 24.12.2011 10:51:50 | Computer Name = Rotbart | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 691073
 seconds with 5160 seconds of active time.  This session ended with a crash.
 
Error - 23.01.2012 16:25:08 | Computer Name = Rotbart | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 606155
 seconds with 11760 seconds of active time.  This session ended with a crash.
 
Error - 27.03.2012 09:40:00 | Computer Name = Rotbart | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6654.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 934767
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 25.05.2012 03:12:40 | Computer Name = Rotbart | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 228952
 seconds with 25500 seconds of active time.  This session ended with a crash.
 
Error - 31.05.2012 14:59:31 | Computer Name = Rotbart | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 629
 seconds with 180 seconds of active time.  This session ended with a crash.
 
Error - 20.07.2012 08:39:49 | Computer Name = Rotbart | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2166917
 seconds with 1860 seconds of active time.  This session ended with a crash.
 
Error - 31.08.2012 15:21:13 | Computer Name = Rotbart | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 39795
 seconds with 1260 seconds of active time.  This session ended with a crash.
 
Error - 19.10.2012 10:21:21 | Computer Name = Rotbart | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3147
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.11.2012 08:16:46 | Computer Name = Rotbart | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1855
 seconds with 420 seconds of active time.  This session ended with a crash.
 
Error - 20.12.2012 11:02:57 | Computer Name = Rotbart | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 5449
 seconds with 1560 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.02.2013 14:22:59 | Computer Name = Rotbart | Source = DCOM | ID = 10005
Description = 
 
Error - 14.02.2013 14:23:37 | Computer Name = Rotbart | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Modules Installer erreicht.
 
Error - 14.02.2013 14:23:37 | Computer Name = Rotbart | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Modules Installer" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 14.02.2013 14:26:06 | Computer Name = Rotbart | Source = DCOM | ID = 10010
Description = 
 
Error - 15.02.2013 03:03:12 | Computer Name = Rotbart | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
Error - 15.02.2013 03:28:06 | Computer Name = Rotbart | Source = DCOM | ID = 10010
Description = 
 
Error - 15.02.2013 04:18:36 | Computer Name = Rotbart | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   cdrom
 
Error - 15.02.2013 12:02:17 | Computer Name = Rotbart | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 16.02.2013 05:13:58 | Computer Name = Rotbart | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{E99820C0-66A5-4471-ABA9-E1614786DC5D} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 16.02.2013 08:31:04 | Computer Name = Rotbart | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
 
< End of report >
--- --- ---

Alt 17.02.2013, 20:20   #2
markusg
/// Malware-holic
 
Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates) - Standard

Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)


hi
bitte die Emsi, Malwarebytes und sonstigen Funde nachreichen.
http://www.trojaner-board.de/125889-...en-posten.html
__________________

__________________
Alt 17.02.2013, 20:41   #3
lagottesca
 
Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates) - Standard

Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)


Danke für den Hinweis!

Hier die Malwarebytes:

Zitat:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.16.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Userin :: Userin-Rotbart [Administrator]

16.02.2013 19:34:21
mbam-log-2013-02-16 (19-34-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 379196
Laufzeit: 2 Stunde(n), 33 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Zitat:

Hier Spybot:
Search results from Spybot - Search & Destroy

17.02.2013 18:36:44
Scan took 00:41:42.
83 items found.

Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done)
C:\ProgramData\Babylon\

Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done)
C:\Users\userin\AppData\Roaming\Babylon\
Directory.subfile=C:\Users\userin\AppData\Roaming\Babylon\log_file.txt
Directory.subfile.size=7347
Directory.subfile.md5=D4498744793A323F6AFD9B9C27462AE2
Directory.subfile.filedate=1350049695
Directory.subfile.filedatetext=2012-10-12 14:48:15

Microsoft.Windows.Security.InternetExplorer: [SBI $A3433CBF] Settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\iexplore.exe

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\a248.e.akamai.net\analytics.sol
Properties.size=472
Properties.md5=D73A2F3281EAE49C876868BA4CCC6F1F
Properties.filedate=1355142259
Properties.filedatetext=2012-12-10 13:24:19

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\cdn.flashtalking.com\ftLocalComms.sol
Properties.size=62
Properties.md5=50A1E7E4938AE96CC2D828C92548FB03
Properties.filedate=1358016234
Properties.filedatetext=2013-01-12 19:43:53

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\cdn.flashtalking.com\FT_cookie.sol
Properties.size=43
Properties.md5=D10F2A08C7BDD178E5E7F92A1E47BD67
Properties.filedate=1356278815
Properties.filedatetext=2012-12-23 17:06:55

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\cdn.movad.net\movad.sol
Properties.size=67
Properties.md5=36930CE172F907769610DEAEC3BE20FB
Properties.filedate=1356476583
Properties.filedatetext=2012-12-26 00:03:02

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\ced.sascdn.com\ftLocalComms.sol
Properties.size=61
Properties.md5=DEB168CBF71E13562EC9A0D7CE266359
Properties.filedate=1356352531
Properties.filedatetext=2012-12-24 13:35:30

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\content.adriver.ru\storage.sol
Properties.size=72
Properties.md5=EF070BC056FC6B4DB9F21E23F73A220C
Properties.filedate=1357389776
Properties.filedatetext=2013-01-05 13:42:55

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\images-na.ssl-images-amazon.com\mercury.sol
Properties.size=69
Properties.md5=3BE67ADCCBC37D8F196A6B70D092A36B
Properties.filedate=1353777682
Properties.filedatetext=2012-11-24 18:21:21

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\mail.google.com\wakeup.sol
Properties.size=37
Properties.md5=FAEBF828D6C5D158230E0778B228B291
Properties.filedate=1350461991
Properties.filedatetext=2012-10-17 09:19:50

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\neo.zdf.de\com.conviva.livePass.sol
Properties.size=229
Properties.md5=ED5203FF06A8A856E06C93366DFCE733
Properties.filedate=1354563259
Properties.filedatetext=2012-12-03 20:34:18

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\s.ytimg.com\videostats.sol
Properties.size=275
Properties.md5=27066C5CE6ACB3604F72198207DBBC05
Properties.filedate=1358776423
Properties.filedatetext=2013-01-21 14:53:42

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\s0.2mdn.net\ftLocalComms.sol
Properties.size=61
Properties.md5=DEB168CBF71E13562EC9A0D7CE266359
Properties.filedate=1355144280
Properties.filedatetext=2012-12-10 13:57:59

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\secure-a.vimeocdn.com\com.conviva.livePass.sol
Properties.size=224
Properties.md5=EB311F586D0F59CA44B5448D5606249D
Properties.filedate=1358843652
Properties.filedatetext=2013-01-22 09:34:11

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\secureinclude.ebaystatic.com\ebayLSO.sol
Properties.size=131
Properties.md5=02E868B2A2D60C221D5DFCF898C2A352
Properties.filedate=1355248749
Properties.filedatetext=2012-12-11 18:59:09

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\secureinclude.ebaystatic.com\ebayT.sol
Properties.size=39
Properties.md5=B43F43445AA3414DDC22EC80FBB22871
Properties.filedate=1355248750
Properties.filedatetext=2012-12-11 18:59:09

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\ssl.hurra.com\restore.hurra.com.sol
Properties.size=178
Properties.md5=0A3EAA10A30E042A6E260D6CA19518D9
Properties.filedate=1355680106
Properties.filedatetext=2012-12-16 18:48:25

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\static.issuu.com\analytics.sol
Properties.size=419
Properties.md5=BA99634B46A3F8FA195769698F8D6DF4
Properties.filedate=1357925870
Properties.filedatetext=2013-01-11 18:37:49

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\static.issuu.com\com.quantserve.sol
Properties.size=72
Properties.md5=1F9A859374B7238577E775B18B5BB02B
Properties.filedate=1356539619
Properties.filedatetext=2012-12-26 17:33:38

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\vkfiles.file-share-stick.ru\uppodData.sol
Properties.size=72
Properties.md5=E5BB7A99C8E113CCC02DC853E120C311
Properties.filedate=1358535673
Properties.filedatetext=2013-01-18 20:01:12

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\weltbild.scene7.com\s7_storage_init.sol
Properties.size=346
Properties.md5=EF7E8B2D77BF83A29B4C92399F09193A
Properties.filedate=1355680907
Properties.filedatetext=2012-12-16 19:01:46

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\weltbild.scene7.com\s7_storage_tracker.sol
Properties.size=177
Properties.md5=6D1A86FCAE9EE885F73DDCF30115B33C
Properties.filedate=1355680908
Properties.filedatetext=2012-12-16 19:01:48

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\www.paypal-deutschland.de\ppLsoTest.sol
Properties.size=48
Properties.md5=74EE4375686A2069414EEF13E7B62789
Properties.filedate=1353602261
Properties.filedatetext=2012-11-22 17:37:40

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\www.paypalobjects.com\paypalLSO.sol
Properties.size=111
Properties.md5=CA7D2D9DD519648C3685847C4EDA3FF9
Properties.filedate=1353602079
Properties.filedatetext=2012-11-22 17:34:39

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\www.paypalobjects.com\ppLsoTest.sol
Properties.size=48
Properties.md5=74EE4375686A2069414EEF13E7B62789
Properties.filedate=1353602049
Properties.filedatetext=2012-11-22 17:34:09

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\skype.com\#ui\preferences.sol
Properties.size=233
Properties.md5=10AC9F6C75D5C7FC29654E626251119D
Properties.filedate=1361049495
Properties.filedatetext=2013-02-16 22:18:14

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\a.affil.io\s\af.swf\afstorage.sol
Properties.size=52
Properties.md5=A9E983C759CE3E65B3F7062A1CDE6053
Properties.filedate=1353758803
Properties.filedatetext=2012-11-24 13:06:43

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\a248.e.akamai.net\swf.soundcloud.com\player.swf\SCPlayer.sol
Properties.size=72
Properties.md5=F7D33BA7D609EB1F1FE23636A1E856A4
Properties.filedate=1355141972
Properties.filedatetext=2012-12-10 13:19:32

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\heias.com\x\heias_sc.swf\heias.sol
Properties.size=63
Properties.md5=F40F0C3D19F18BD2BF1B67CDD5DDD751
Properties.filedate=1355947651
Properties.filedatetext=2012-12-19 21:07:31

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\lads.myspace.com\videos\MSVideoPlayer.swf\preferences.sol
Properties.size=153
Properties.md5=5802345F33DDED7BE8E40DE4B84D9BC2
Properties.filedate=1357495705
Properties.filedatetext=2013-01-06 19:08:24

Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done)
C:\Users\userin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\TT5MLMWB\www.peterzahlt.de\swf\userdata.swf\userdata.sol
Properties.size=84
Properties.md5=0EFEA07DD644820612AC87A13974B9B3
Properties.filedate=1355249500
Properties.filedatetext=2012-12-11 19:11:40

MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): userin) (Browser: Cookie, nothing done)


FastClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): userin) (Browser: Cookie, nothing done)


MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): userin) (Browser: Cookie, nothing done)


DoubleClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): userin) (Browser: Cookie, nothing done)


MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): userin) (Browser: Cookie, nothing done)


Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done)
C:\Windows\setupact.log
Properties.size=116035
Properties.md5=AE8969F14CCBB17368304DFBDEAFC682
Properties.filedate=1360916286
Properties.filedatetext=2013-02-15 09:18:06

7-Zip: [SBI $0D2606FE] Extracted archives history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\7-ZIP\Extraction\PathHistory

7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\7-ZIP\FM\FolderHistory

7-Zip: [SBI $3D5692BD] Last used folder (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\7-ZIP\FM\PanelPath0

Ahead Nero Burning Rom: [SBI $0D846EDB] Compilation directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Ahead\Nero - Burning Rom\Settings\NeroCompilation

Ahead Nero Burning Rom: [SBI $F3FD92E9] Working directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Ahead\Nero - Burning Rom\Settings\WorkingDir

Ahead Nero Burning Rom: [SBI $055C754D] Last ISO directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\ahead\Nero - Burning Rom\General\OFDLastISODir

Ahead Nero Burning Rom: [SBI $505FB952] Last Audio directory (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\ahead\Nero - Burning Rom\General\OFDLastAudioDir

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

MS Office 12.0: [SBI $31A61065] Internet history (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation

MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Office\12.0\Excel\File MRU

MS Office 12.0 (PowerPoint): [SBI $242E8728] Recent Slideshow List (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Office\12.0\PowerPoint\File MRU

MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Office\12.0\Word\File MRU

Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

Windows.OpenWith: [SBI $48691F6C] Open with list - .ASD extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASD\OpenWithList

Windows.OpenWith: [SBI $F7204896] Open with list - .AVI extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList

Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

Windows.OpenWith: [SBI $C92C6763] Open with list - .BUP extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BUP\OpenWithList

Windows.OpenWith: [SBI $9E8D5C8A] Open with list - .CDA extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $2026AFB6] User Assistant history IE (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

Windows Explorer: [SBI $6107D172] User Assistant history files (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2734760909-425500718-3500750494-1000\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (50) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (80) (Browser: Cache, nothing done)


Verlauf: [SBI $49804B54] Browser: History (285) (Browser: History, nothing done)


Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done)


Verlauf: [SBI $49804B54] Browser: History (1000) (Browser: History, nothing done)



--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---

2012-11-13 blindman.exe (2.0.12.151)
2012-11-13 explorer.exe (2.0.12.173)
2012-11-13 SDBootCD.exe (2.0.12.109)
2012-11-13 SDCleaner.exe (2.0.12.110)
2012-11-13 SDDelFile.exe (2.0.12.94)
2012-11-13 SDFiles.exe (2.0.12.135)
2012-11-13 SDFileScanHelper.exe (2.0.12.1)
2012-11-13 SDFSSvc.exe (2.0.12.205)
2012-11-13 SDImmunize.exe (2.0.12.130)
2012-11-13 SDLogReport.exe (2.0.12.107)
2012-11-13 SDPESetup.exe (2.0.12.3)
2012-11-13 SDPEStart.exe (2.0.12.86)
2012-11-13 SDPhoneScan.exe (2.0.12.27)
2012-11-13 SDPRE.exe (2.0.12.13)
2012-11-13 SDPrepPos.exe (2.0.12.10)
2012-11-13 SDQuarantine.exe (2.0.12.103)
2012-11-13 SDRootAlyzer.exe (2.0.12.116)
2012-11-13 SDSBIEdit.exe (2.0.12.39)
2012-11-13 SDScan.exe (2.0.12.173)
2012-11-13 SDScript.exe (2.0.12.53)
2012-11-13 SDSettings.exe (2.0.12.130)
2012-11-13 SDShred.exe (2.0.12.105)
2012-11-13 SDSysRepair.exe (2.0.12.101)
2012-11-13 SDTools.exe (2.0.12.150)
2012-11-13 SDTray.exe (2.0.12.127)
2012-11-13 SDUpdate.exe (2.0.12.89)
2012-11-13 SDUpdSvc.exe (2.0.12.76)
2012-11-13 SDWelcome.exe (2.0.12.126)
2012-11-13 SDWSCSvc.exe (2.0.12.2)
2013-02-17 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-05 DelZip190.dll (1.9.0.107)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-11-13 SDAdvancedCheckLibrary.dll (2.0.12.98)
2012-11-13 SDECon32.dll (2.0.12.113)
2012-11-13 SDEvents.dll (2.0.12.2)
2012-11-13 SDFileScanLibrary.dll (2.0.12.9)
2012-11-13 SDHelper.dll (2.0.12.88)
2012-11-13 SDImmunizeLibrary.dll (2.0.12.2)
2012-11-13 SDLists.dll (2.0.12.4)
2012-11-13 SDResources.dll (2.0.12.7)
2012-11-13 SDScanLibrary.dll (2.0.12.131)
2012-11-13 SDTasks.dll (2.0.12.15)
2012-11-13 SDWinLogon.dll (2.0.12.0)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2012-11-13 Tools.dll (2.0.12.36)
2012-11-13 UninsSrv.dll (2.0.12.52)
2012-12-18 Includes\Adware.sbi (*)
2013-02-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2012-11-14 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2012-11-14 Includes\HijackersC.sbi (*)
2012-11-14 Includes\iPhone.sbi (*)
2012-11-14 Includes\Keyloggers.sbi (*)
2012-12-18 Includes\KeyloggersC.sbi (*)
2012-11-21 Includes\Malware.sbi (*)
2013-02-12 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-02-05 Includes\PUPSC.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2012-11-14 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2012-11-14 Includes\Spyware.sbi (*)
2012-11-14 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2013-01-16 Includes\Trojans.sbi (*)
2013-02-06 Includes\TrojansC-02.sbi (*)
2013-02-12 Includes\TrojansC-03.sbi (*)
2013-01-28 Includes\TrojansC-04.sbi (*)
2012-11-14 Includes\TrojansC-05.sbi (*)
2013-02-04 Includes\TrojansC.sbi (*)
Emsisoft
Zitat:
Emsisoft Emergency Kit - Version 3.0
Letztes Update: 16.02.2013 16:29:49

Scan Einstellungen:

Scan Methode: Detail Scan
Objekte: Rootkits, Speicher, Traces, C:\

Riskware-Erkennung: Aus
Archiv Scan: An
ADS Scan: An
Dateitypen-Filter: Aus
Erweitertes Caching: An
Direkter Festplattenzugriff: Aus

Scan Beginn: 16.02.2013 16:31:36

C:\ProgramData\Avira\AntiVir Desktop\INFECTED\494c1d83.qua -> (Quarantine-8) -> (Instyler o) -> (Instyler Module 12) gefunden: Spyware.Relevantknowledge.A (B)
C:\ProgramData\Avira\AntiVir Desktop\INFECTED\494c1d83.qua -> (Quarantine-8) -> (Instyler o) -> (Instyler Module 13) gefunden: Spyware.Relevantknowledge.A (B)

Gescannt 441948
Gefunden 2

Scan Ende: 16.02.2013 19:25:32
Scan Zeit: 2:53:56

C:\ProgramData\Avira\AntiVir Desktop\INFECTED\494c1d83.qua -> (Quarantine-8) -> (Instyler o) -> (Instyler Module 12) Gelöscht Spyware.Relevantknowledge.A (B)

Gelöscht 1
So, das waren die Logs, die habe. Allerdings haben mir die bei meinem Problem zunächst nicht so weiter geholfen.

Danke im Voraus!
__________________
Alt 17.02.2013, 20:44   #4
markusg
/// Malware-holic
 
Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates) - Standard

Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)


hmm, hatte Malwarebytes keine Funde, denn das log enthält keine.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 17.02.2013, 21:00   #5
lagottesca
 
Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates) - Standard

Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)


Leider wurde da ja überall nicht wirklich etwas gefunden.. Aber unter meinen Programmen taucht komischerweise bProtector for Windows auf, das ich nicht einordnen kann; und wenn ich danach google, wird es als gefährlich eingestuft. Kann eine Verlangsamung meines Computers etwas damit zu tun haben? Wenn ja, wie wird man bProtector wieder los?
Vielen Dank auf jeden Fall..


Alt 18.02.2013, 15:29   #6
markusg
/// Malware-holic
 
Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates) - Standard

Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)


was heißt "nicht wirklich" wurde etwas gefunden, dann log posten, oder nicht, dann sags bitte auch so :-)
__________________
--> Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)

Antwort

Themen zu Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)
7-zip, anzahl, audacity, automatische, avira, browser manager, emsisoft, ergebnis, folge, install.exe, intranet, kleine, langsam, launch, malwarebytes, merkwürdig, msiinstaller, nichts, office 2007, origin, phänomen, plug-in, plötzlich, problem, probleme, relativ, scan, scanner, spybot, super, taskhost.exe, tipps, updates, verschwunden, virenscanner, win, windows, windows 7


« "tcbhn mußte unterbrochen werden", dieses Feld wird ständig eingeblendet und ich kann nichts damit anfangen. | Mail von FedEx »


Ähnliche Themen: Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)


  1. Kleines Netbook Windows 7 Starter ist quälend langsam
    Plagegeister aller Art und deren Bekämpfung - 29.05.2015 (9)
  2. WinXP: Internet plötzlich langsam (nach fehlgeschlagener Installation eines USB-Funkreceivers)
    Log-Analyse und Auswertung - 10.06.2014 (7)
  3. Windows 7 Starter startet nach Updates nicht mehr (Microsoft Office Updates)
    Log-Analyse und Auswertung - 31.03.2014 (15)
  4. Windows 7 64 bit - Rechner sehr langsam nach Installation eines fake Adobe-Updates
    Log-Analyse und Auswertung - 14.12.2013 (9)
  5. Automat. Updates nicht aktivierbar (XP)
    Alles rund um Windows - 18.09.2011 (5)
  6. Pc ist plötzlich langsam.
    Log-Analyse und Auswertung - 05.01.2011 (1)
  7. PC nach Verwenden einer "Demo"-Version plötzlich langsam
    Log-Analyse und Auswertung - 02.01.2011 (1)
  8. Nach Hiloti.gen: Firefox öffnet eigenständig Tabs u. Windows automat. Updates schlagen fehl
    Plagegeister aller Art und deren Bekämpfung - 24.08.2010 (15)
  9. Pc plötzlich langsam
    Log-Analyse und Auswertung - 05.09.2009 (3)
  10. Browser wird umgelenkt und antvir kann plötzlich keine updates mehr
    Log-Analyse und Auswertung - 28.02.2009 (17)
  11. AOL und T-Online-Software/Seitenaufbau quälend langsam
    Log-Analyse und Auswertung - 16.12.2008 (6)
  12. Windows Updates&Firewall inaktiv, IE PopUps, AntySpywareExpert plötzlich da,..
    Plagegeister aller Art und deren Bekämpfung - 30.06.2008 (39)
  13. altes Laptop quälend langsam
    Log-Analyse und Auswertung - 07.03.2008 (10)
  14. Internetzugang quälend langsam
    Log-Analyse und Auswertung - 07.03.2008 (4)
  15. Automat. Auswertung - Resultate???
    Log-Analyse und Auswertung - 29.01.2005 (3)
  16. Automat. Trojaner-Scanner möglich?
    Plagegeister aller Art und deren Bekämpfung - 31.10.2003 (6)
  17. Virus Worm.Automat.AHB
    Plagegeister aller Art und deren Bekämpfung - 23.09.2003 (10)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates) - Hallo in die Runde, habe folgendes Problem: Mein geliebtes Acer-Timeline-Netbook unter Windows 7 (32-bit) verhält sich von einem Tag auf den anderen merkwürdig: Alles reagiert/lädt quälend langsam. Zuvor wurde über - Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates)...
Archiv
Du betrachtest: Win 7 32-Bit plötzlich quälend langsam (nach automat. Updates) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130