Windows 7: application programs open very slowly
27.02.2013, 16:59 | #16
Here is the log.
27.02.2013, 17:10 | #17 | /// Malware-holic
Uninstall:
7-Zip

Uninstall: Adobe Flash Player (all Adobe entries). Then download and install the latest version from Adobe - Install Adobe Flash Player.

Uninstall:
ArtMoney
Ashampoo
Bandisoft
Blazing Cobra
CPUID
DIE SIEDLER
Empire Earth II
F1: the unnecessary ones
Feuer
FIFA: the unnecessary ones
FWTools
GameSpy
Minecraft
Paint
pc-profi
Rapture3D
TeamViewer: I would only install this when needed.
TmNationsForever
TuneUp: do without such nonsense; Windows already has these functions, many of them are unnecessary, and some can damage the system.
Unity

Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
28.02.2013, 14:59 | #18
AdwCleaner logfile:
28.02.2013, 16:45 | #19 | /// Malware-holic
Hi,
HitmanPro - Download - Filepony
Download HitmanPro, double-click it, License, trial license. Click Scan, delete nothing, click Next. Export the log as XML and post it, or zip it and attach it.
01.03.2013, 15:36 | #20
HitmanPro log:
Code:
HitmanPro 3.7.2.189
www.hitmanpro.com

   Computer name . . . . : SIMONHIGHENDPC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : SIMONHIGHENDPC\User
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2013-03-01 14:54:33
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 32m 7s
   Disk access mode . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot . . . . . . . : No

   Threats . . . . . . . : 2
   Traces . . . . . . . : 54

   Objects scanned . . . : 2.412.539
   Files scanned . . . . : 52.013
   Remnants scanned . . : 1.043.170 files / 1.317.356 keys

Malware _____________________________________________________________________

C:\Users\User\Dropbox\gpl\SIGSPAT.EXE
   Size . . . . . . . : 638.464 bytes
   Age . . . . . . . : 75.6 days (2012-12-15 23:19:22)
   Entropy . . . . . : 6.2
   SHA-256 . . . . . : 74C02B683AB5DDA8E15E0B82A384EDF129F4A46790F3E8075CB8662E15CBAADF
   Product . . . . . : Sierra OnLine SIGSPat
   Publisher . . . . : Cendant Software, Inc.
   Description . . . : SIGSPat
   Version . . . . . : 4.03.0000
   Copyright . . . . : Copyright © 1998
 > Ikarus . . . . . . : Virus.Win9x.CIH!IK
   Fuzzy . . . . . . : 100.0

C:\Users\User\Dropbox\gpl\sutil32.exe
   Size . . . . . . . : 910.848 bytes
   Age . . . . . . . : 75.6 days (2012-12-15 23:19:23)
   Entropy . . . . . : 4.6
   SHA-256 . . . . . : 574FCE305B79DAE6A123365C0D35EFB870D146AE722CA99540DC15F7D6B55EEC
   Product . . . . . : Sierra Utilities
   Publisher . . . . : Cendant Software Inc.
   Description . . . : SierraUtilities 32bit Version
   Version . . . . . : 2.00.0032
   Copyright . . . . : Copyright © 1998 Cendant Software Corp.
 > G Data . . . . . . : Trojan.Flashkiller.C (Engine A)
   Fuzzy . . . . . . : 100.0

Suspicious files ____________________________________________________________

C:\Users\User\Dropbox\gpl\directx\dplaysvr.exe
   Size . . . . . . . : 23.960 bytes
   Age . . . . . . . : 75.6 days (2012-12-15 23:22:24)
   Entropy . . . . . : 5.6
   SHA-256 . . . . . : 836862AD78FB9A0EAF6C91AA85890ABF92257E256533E55EC7088C7820F3B357
   Product . . . . . : Microsoft® DirectX for Windows® 95
   Publisher . . . . : Microsoft Corporation
   Description . . . : Microsoft DirectPlay Server
   Version . . . . . : 4.05.00.0155
   Copyright . . . . : Copyright © Microsoft Corp. 1994-1997
   RSA Key Size . . . : 512
   Authenticode . . . : Invalid
   Fuzzy . . . . . . : 48.0
      Program is code signed with a weak certificate. This is common to malware.
      Program is altered or corrupted since it was code signed by its author. This is typical for malware and pirated software.
      Program is impersonating a common Windows system file. This is typical for malware.

Cookies _____________________________________________________________________
   [list of tracking-cookie entries from the Internet Explorer and Firefox profiles not reproduced]
01.03.2013, 16:50 | #21 | /// Malware-holic
Delete everything with HitmanPro. Restart, create a new OTL log.
01.03.2013, 20:55 | #22
Should I just do a quick scan, or run a custom scan again? Here is the log from the custom scan:
OTL logfile:
000,348,761 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\h2syn23t.default\extensions\proxylist@proxylists.me.xpi [2013.02.14 17:42:10 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\h2syn23t.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.01 22:56:02 | 000,008,883 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\h2syn23t.default\extensions\{d49a148e-817e-4025-bee3-5d541376de3b}.xpi [2013.02.03 16:26:36 | 000,002,046 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\h2syn23t.default\searchplugins\360dbd17-2787-4a41-8a5e-a89509e04aca.xml [2013.02.23 18:34:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.14 15:45:05 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2013.02.14 15:45:05 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2 [2013.02.16 01:34:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.02.16 05:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.02.16 05:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.02.16 05:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.02.16 05:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.02.16 05:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.02.16 05:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla 
firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.02.27 15:09:57 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO) O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO) O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe 
Systems Incorporated) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO) O4 - HKLM..\Run: [BigDog305] C:\Windows\VM305_STI.EXE (Vimicro) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) O4 - HKLM..\Run: [RoccatKonePure] C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE (ROCCAT GmbH) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 60 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren 
- res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO) O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO) O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO) O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B2260ABA-03F9-49A9-8720-710E51E73984}: DhcpNameServer = 7.254.254.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE74617E-9D34-49D5-BFC3-D4D88DE756F1}: DhcpNameServer = 217.0.43.97 217.0.43.113 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA4F2766-301B-48E0-9012-4BAF43095570}: DhcpNameServer = 192.168.42.129 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.18 09:13:14 | 000,000,074 | R--- | M] () - D:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2002.01.18 18:47:38 | 000,868,352 | R--- | M] () - I:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [2002.01.03 14:06:12 | 000,000,050 | R--- | M] () - I:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing 
Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) MsConfig:64bit - StartUpFolder: C:^Users^User^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - - File not found MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - File not found MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DAEMON Tools Net Agent - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Duden Korrektor SysTray - hkey= - key= - C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe (Expert System 
S.p.A.) MsConfig:64bit - StartUpReg: FrameManager - hkey= - key= - C:\Program Files\Samsung\FrameManager\FrameManager.exe (Samsung Electronics Co. Ltd) MsConfig:64bit - StartUpReg: LogitechQuickCamRibbon - hkey= - key= - C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe () MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - File not found MsConfig:64bit - StartUpReg: spdetector3 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Start WingMan Profiler - hkey= - key= - C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: Wondershare Helper Compact.exe - hkey= - key= - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (Wondershare) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.03.01 20:50:09 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe [2013.03.01 15:36:09 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro [2013.03.01 14:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.03.01 14:50:03 | 009,565,552 | ---- | C] (SurfRight B.V.) 
-- C:\Users\User\Desktop\HitmanPro_x64.exe [2013.02.27 15:52:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.27 14:58:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.27 14:58:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.27 14:58:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.27 14:58:33 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.27 14:58:21 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.27 14:51:37 | 005,036,023 | R--- | C] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe [2013.02.26 17:57:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Security Suite CBE 12 [2013.02.24 12:00:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2013.02.24 12:00:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.22 19:56:25 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe [2013.02.22 16:43:03 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.21 20:45:15 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2013.02.21 20:44:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.02.21 15:28:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\TuneUp Software [2013.02.21 15:27:34 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software [2013.02.21 14:53:40 | 000,000,000 | ---D | C] -- C:\TuneUpPortable [2013.02.18 17:35:35 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Tunngle [2013.02.18 17:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Tunngle [2013.02.18 17:35:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle [2013.02.18 17:35:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle [2013.02.18 17:19:42 | 000,000,000 | ---D | C] -- C:\Program Files\GIGABYTE [2013.02.18 17:15:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM [2013.02.18 17:15:21 | 
000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.02.18 17:14:55 | 002,603,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll [2013.02.18 17:14:52 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.02.18 17:14:51 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll [2013.02.18 17:14:50 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.02.18 17:14:49 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.02.18 17:14:30 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.02.18 17:14:29 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.02.18 17:14:28 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.02.18 17:14:27 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.02.18 17:14:27 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.02.18 17:14:27 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.02.18 17:14:21 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll [2013.02.18 17:14:20 | 000,958,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.02.18 17:14:19 | 000,318,808 | ---- | C] (Waves Audio Ltd.) 
-- C:\Windows\SysNative\MaxxAudioAPO20.dll [2013.02.18 17:14:14 | 002,528,832 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.02.17 17:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi [2013.02.17 17:41:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi [2013.02.16 22:41:52 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\.minecraft [2013.02.16 21:05:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\http___mvc.craften.de [2013.02.16 21:04:45 | 002,754,048 | ---- | C] (hxxp://mvc.craften.de) -- C:\Users\User\Desktop\Minecraft Version Changer.exe [2013.02.15 15:20:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Package Cache [2013.02.15 15:15:18 | 000,000,000 | ---D | C] -- C:\AiO-Files [2013.02.15 15:09:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AmIcoSingLun [2013.02.15 15:09:18 | 000,000,000 | ---D | C] -- C:\ProgramData\AmUStor [2013.02.15 14:50:44 | 000,805,088 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys [2013.02.15 13:29:25 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius [2013.02.14 15:45:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.13 14:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE [2013.02.13 14:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE [2013.02.11 20:05:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\.minecraft [2013.02.10 14:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.07 14:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\en-US [2013.02.07 14:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\en [2013.02.07 14:41:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0409 [2013.02.07 14:41:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\en [2013.02.07 14:41:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409 
[2013.02.06 16:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Installer Clean Up [2013.02.04 14:32:26 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\FileZilla [2013.02.04 14:26:08 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO [2013.02.03 16:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2013 [2013.02.03 16:34:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013.02.03 16:34:39 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2013.02.03 16:26:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Helper [2013.02.03 16:26:35 | 000,000,000 | ---D | C] -- C:\ProgramData\DNSErrorHelper [2013.02.03 16:26:24 | 000,493,056 | ---- | C] ( datenhaus GmbH) -- C:\Windows\SysWow64\dhRichClient3.dll [2013.02.03 16:26:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DesktopIconForAmazon [2013.02.03 16:26:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\OCS [2013.02.03 16:19:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.02.02 21:53:05 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Sun [2013.02.02 18:38:39 | 000,000,000 | R--D | C] -- C:\Users\User\Documents\Scanned Documents [2013.02.02 18:38:39 | 000,000,000 | ---D | C] -- C:\Users\User\Documents\Fax [2013.02.02 12:27:28 | 000,226,304 | ---- | C] (RAD Game Tools, Inc.) -- C:\Windows\SysNative\binkw32.dll [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.01 20:58:11 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.01 20:57:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.01 20:50:09 | 000,012,872 | ---- | M] (SurfRight B.V.) 
-- C:\Windows\SysNative\bootdelete.exe [2013.03.01 20:44:33 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.01 20:44:33 | 000,022,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.01 20:41:02 | 009,565,552 | ---- | M] (SurfRight B.V.) -- C:\Users\User\Desktop\HitmanPro_x64.exe [2013.03.01 15:28:32 | 000,017,616 | ---- | M] () -- C:\Users\User\Desktop\HitmanPro_20130301_1528.xml [2013.03.01 15:23:10 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.28 14:53:48 | 000,438,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.28 14:50:44 | 000,594,019 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner.exe [2013.02.27 20:08:45 | 001,621,244 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.27 20:08:45 | 000,702,062 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.27 20:08:45 | 000,655,438 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.27 20:08:45 | 000,149,618 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.27 20:08:45 | 000,122,310 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.27 15:36:26 | 005,036,023 | R--- | M] (Swearware) -- C:\Users\User\Desktop\ComboFix.exe [2013.02.27 15:09:57 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.26 18:23:08 | 000,153,053 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat [2013.02.26 18:23:08 | 000,107,384 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat [2013.02.24 16:00:39 | 000,005,632 | ---- | M] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.02.24 00:06:38 | 002,754,048 | ---- | M] (hxxp://mvc.craften.de) -- C:\Users\User\Desktop\Minecraft Version Changer.exe [2013.02.23 18:30:42 | 000,003,762 | ---- | M] () -- C:\Windows\SysNative\cc_20130223_183040.reg 
[2013.02.22 19:56:33 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\User\Desktop\tdsskiller.exe [2013.02.22 15:50:32 | 000,001,057 | ---- | M] () -- C:\Users\User\Desktop\weoiss1998 - Verknüpfung.lnk [2013.02.21 20:44:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe [2013.02.18 17:35:35 | 000,000,991 | ---- | M] () -- C:\Users\Public\Desktop\Tunngle beta.lnk [2013.02.18 17:12:49 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini [2013.02.17 21:25:44 | 000,000,196 | ---- | M] () -- C:\Windows\SysNative\cc_20130217_212519.reg [2013.02.17 20:10:56 | 000,000,744 | ---- | M] () -- C:\Windows\SysNative\cc_20130217_201049.reg [2013.02.17 13:19:14 | 001,644,462 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.02.16 13:32:36 | 000,000,258 | ---- | M] () -- C:\Windows\SysNative\cc_20130216_133234.reg [2013.02.16 13:32:21 | 000,009,020 | ---- | M] () -- C:\Windows\SysNative\cc_20130216_133219.reg [2013.02.16 00:45:06 | 000,000,178 | ---- | M] () -- C:\Windows\SysNative\cc_20130216_004504.reg [2013.02.16 00:44:53 | 000,000,242 | ---- | M] () -- C:\Windows\SysNative\cc_20130216_004451.reg [2013.02.16 00:44:19 | 000,010,480 | ---- | M] () -- C:\Windows\SysNative\cc_20130216_004416.reg [2013.02.15 15:34:48 | 000,001,028 | ---- | M] () -- C:\Windows\SysNative\cc_20130215_153446.reg [2013.02.15 15:34:38 | 000,006,030 | ---- | M] () -- C:\Windows\SysNative\cc_20130215_153435.reg [2013.02.12 17:12:41 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\Access.dat [2013.02.12 12:37:20 | 000,000,439 | ---- | M] () -- C:\Windows\SIERRA.INI [2013.02.10 17:38:29 | 000,002,242 | ---- | M] () -- C:\Windows\SysNative\cc_20130210_173828.reg [2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb [2013.02.09 15:26:58 | 000,001,262 | ---- | M] () -- C:\Users\User\Desktop\Roaming - Verknüpfung.lnk [2013.02.09 14:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin [2013.02.08 16:27:45 | 
000,000,704 | ---- | M] () -- C:\Users\User\AppData\Roaming\server.properties [2013.02.03 16:10:27 | 000,008,038 | ---- | M] () -- C:\Windows\SysNative\cc_20130203_161025.reg [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.01 15:28:32 | 000,017,616 | ---- | C] () -- C:\Users\User\Desktop\HitmanPro_20130301_1528.xml [2013.02.28 14:50:36 | 000,594,019 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner.exe [2013.02.27 14:58:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.27 14:58:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.27 14:58:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.27 14:58:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.27 14:58:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.23 18:35:04 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.02.23 18:30:41 | 000,003,762 | ---- | C] () -- C:\Windows\SysNative\cc_20130223_183040.reg [2013.02.22 15:50:32 | 000,001,057 | ---- | C] () -- C:\Users\User\Desktop\weoiss1998 - Verknüpfung.lnk [2013.02.21 16:03:04 | 000,438,424 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.18 17:35:35 | 000,000,991 | ---- | C] () -- C:\Users\Public\Desktop\Tunngle beta.lnk [2013.02.18 17:19:42 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe [2013.02.18 17:19:42 | 000,021,616 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys [2013.02.18 17:14:27 | 000,215,644 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT [2013.02.17 21:25:32 | 000,000,196 | ---- | C] () -- C:\Windows\SysNative\cc_20130217_212519.reg [2013.02.17 20:10:51 | 000,000,744 | ---- | C] () -- C:\Windows\SysNative\cc_20130217_201049.reg [2013.02.16 13:32:35 | 000,000,258 | ---- | C] () -- C:\Windows\SysNative\cc_20130216_133234.reg [2013.02.16 13:32:20 | 000,009,020 | ---- 
| C] () -- C:\Windows\SysNative\cc_20130216_133219.reg [2013.02.16 00:45:05 | 000,000,178 | ---- | C] () -- C:\Windows\SysNative\cc_20130216_004504.reg [2013.02.16 00:44:52 | 000,000,242 | ---- | C] () -- C:\Windows\SysNative\cc_20130216_004451.reg [2013.02.16 00:44:18 | 000,010,480 | ---- | C] () -- C:\Windows\SysNative\cc_20130216_004416.reg [2013.02.15 15:34:47 | 000,001,028 | ---- | C] () -- C:\Windows\SysNative\cc_20130215_153446.reg [2013.02.15 15:34:37 | 000,006,030 | ---- | C] () -- C:\Windows\SysNative\cc_20130215_153435.reg [2013.02.15 13:19:11 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2013.02.10 17:38:29 | 000,002,242 | ---- | C] () -- C:\Windows\SysNative\cc_20130210_173828.reg [2013.02.09 15:26:58 | 000,001,262 | ---- | C] () -- C:\Users\User\Desktop\Roaming - Verknüpfung.lnk [2013.02.08 16:27:45 | 000,000,704 | ---- | C] () -- C:\Users\User\AppData\Roaming\server.properties [2013.02.06 16:43:51 | 000,002,849 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Install Clean Up.lnk [2013.02.03 16:26:24 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.02.03 16:10:26 | 000,008,038 | ---- | C] () -- C:\Windows\SysNative\cc_20130203_161025.reg [2013.01.23 17:57:03 | 064,185,135 | ---- | C] () -- C:\Users\User\AppData\Roaming\.minecraft.zip [2013.01.13 00:48:27 | 001,644,462 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.10 15:51:48 | 000,001,073 | ---- | C] () -- C:\Users\User\Videos - Verknüpfung.lnk [2013.01.09 16:37:36 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat [2012.12.19 18:50:16 | 000,005,632 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.11.18 19:31:33 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll [2012.11.18 19:31:33 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll [2012.11.18 19:31:32 | 000,511,488 | ---- | C] () -- 
C:\Windows\SysWow64\lame_enc.dll [2012.11.14 11:45:13 | 000,000,576 | ---- | C] () -- C:\Users\User\AppData\Roaming\All CPU MeterV3_Settings.ini [2012.09.12 14:37:23 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.08.23 19:03:45 | 000,000,017 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg [2012.08.18 12:59:01 | 000,122,880 | ---- | C] () -- C:\Windows\rm305.exe [2012.08.18 12:59:01 | 000,000,900 | ---- | C] () -- C:\Windows\rm305.ini [2012.08.11 21:11:11 | 000,000,530 | ---- | C] () -- C:\Users\User\AppData\Roaming\All CPU MeterV2_Settings.ini [2012.08.11 21:10:44 | 000,000,294 | ---- | C] () -- C:\Users\User\AppData\Roaming\GPU MeterV2_Settings.ini [2012.08.11 19:46:41 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db [2012.07.15 15:25:34 | 000,000,295 | ---- | C] () -- C:\Users\User\.openev [2012.07.15 12:15:02 | 000,000,646 | ---- | C] () -- C:\Windows\FSX_KML.INI [2012.07.09 18:26:33 | 000,000,241 | ---- | C] () -- C:\Users\User\AppData\Roaming\GPU Meter_Settings.ini [2012.07.08 10:30:29 | 000,000,173 | ---- | C] () -- C:\Users\User\AppData\Local\msmathematics.qat.User [2012.07.07 17:50:55 | 000,000,412 | ---- | C] () -- C:\Users\User\AppData\Roaming\All CPU Meter_Settings.ini [2012.06.22 12:51:28 | 000,260,688 | ---- | C] () -- C:\Windows\SUPDRun.exe [2012.04.21 13:55:25 | 000,356,352 | ---- | C] () -- C:\Windows\SysWow64\GPLPatchDLL.dll [2012.04.20 17:50:25 | 000,001,984 | ---- | C] () -- C:\Windows\SysWow64\drivers\papycpu2.sys [2012.04.20 17:47:04 | 000,001,984 | ---- | C] () -- C:\Windows\SysWow64\drivers\papycpu.sys [2012.04.20 17:47:04 | 000,001,856 | ---- | C] () -- C:\Windows\SysWow64\drivers\papyjoy.sys [2012.04.20 17:45:45 | 000,000,439 | ---- | C] () -- C:\Windows\SIERRA.INI [2012.03.29 15:26:48 | 000,000,680 | RHS- | C] () -- C:\Users\User\ntuser.pol [2012.03.17 00:26:57 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- 
C:\Windows\SysWow64\IusEventLog.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.26 17:18:14 | 000,000,000 | ---D 
| M] -- C:\Users\User\AppData\Roaming\.mc3totalconversion [2013.02.28 16:30:19 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\.minecraft [2012.08.26 16:43:43 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\BANDISOFT [2012.07.27 16:11:57 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Canneverbe Limited [2012.12.31 18:14:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\com.dansl.QRreader [2012.11.18 19:32:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\concept design [2013.01.30 15:42:00 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite [2013.01.29 16:04:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DAEMON Tools Net [2013.02.16 00:34:14 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\DesktopIconForAmazon [2013.02.17 14:00:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Dropbox [2012.04.17 18:15:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Duden [2013.01.10 16:26:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Electronic Arts [2013.02.09 18:00:52 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\FileZilla [2012.09.17 16:53:07 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit Reader [2012.07.14 17:50:05 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Foxit Software [2012.11.27 20:33:47 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\JOSM [2012.03.30 11:58:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Leadertech [2012.12.01 10:42:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\lennox [2012.11.23 16:04:32 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\logs [2013.01.22 11:59:55 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Minecraft Version Changer [2012.12.13 17:17:48 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MTE [2012.10.06 21:29:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Need 
for Speed World [2013.03.01 15:34:27 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Notepad++ [2013.02.03 16:26:08 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OCS [2012.12.02 19:58:29 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Origin [2012.09.21 19:56:28 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\pdfforge [2012.07.20 22:09:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ProtectDISC [2012.12.16 14:04:23 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TeamViewer [2013.02.07 19:13:34 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\The Creative Assembly [2013.02.28 17:44:24 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TS3Client [2012.06.30 12:59:36 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\ts3overlay [2013.02.21 15:28:49 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\TuneUp Software [2013.02.18 17:35:39 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Tunngle [2012.07.16 20:59:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Unity [2012.06.30 16:24:11 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\wargaming.net [2012.06.18 15:33:03 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\WatchGuard [2013.01.20 14:17:10 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Waterfox Limited [2012.09.12 14:48:42 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Wondershare Video Converter Platinum [2012.09.12 15:00:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\XMedia Recode [2013.01.29 15:33:56 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\xVideoServiceThief [2012.09.12 14:49:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2013.02.27 15:52:50 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2012.09.12 17:30:47 | 000,000,000 | ---D | M] -- C:\4560a6c572b499d39611800522cb [2012.12.19 14:34:24 | 000,000,000 | ---D | M] -- C:\97c0481b3aa9dcb24eb08efcf1e1606c [2013.02.15 15:19:19 | 000,000,000 | ---D | M] -- C:\AiO-Files [2013.02.28 14:29:52 | 000,000,000 | ---D | M] -- C:\Config.Msi [2012.06.22 12:46:49 | 000,000,000 | ---D | M] -- C:\CP1520_Series_Full_Solution [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.03.17 00:25:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.10.26 21:07:38 | 000,000,000 | ---D | M] -- C:\F1 2010 Textures Editor [2013.01.07 17:46:17 | 000,000,000 | ---D | M] -- C:\Flight Simulator X [2013.02.21 15:44:11 | 000,000,000 | ---D | M] -- C:\found.000 [2013.02.23 18:25:01 | 000,000,000 | ---D | M] -- C:\Fraps [2012.07.15 11:53:07 | 000,000,000 | ---D | M] -- C:\fsxkm110 [2012.10.19 10:50:42 | 000,000,000 | ---D | M] -- C:\Games [2013.01.13 17:55:12 | 000,000,000 | ---D | M] -- C:\GPL [2012.06.05 18:06:09 | 000,000,000 | ---D | M] -- C:\gpl sicher [2012.12.12 21:18:02 | 000,000,000 | ---D | M] -- C:\GPLSecrets [2012.08.12 19:51:49 | 000,000,000 | ---D | M] -- C:\lj631ge [2012.04.21 15:32:27 | 000,000,000 | ---D | M] -- C:\Mods [2012.03.19 21:35:50 | 000,000,000 | R--D | M] -- C:\MSOCache [2012.07.07 18:56:19 | 000,000,000 | ---D | M] -- C:\musik konvertiert [2012.04.21 20:55:03 | 000,000,000 | ---D | M] -- C:\Papa [2013.02.12 12:37:04 | 000,000,000 | ---D | M] -- C:\Papyrus [2013.02.20 15:25:01 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.03.01 15:36:09 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.28 14:49:27 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.03.01 14:53:11 | 000,000,000 | ---D | M] -- C:\ProgramData [2013.02.27 15:47:51 | 000,000,000 | ---D | M] -- C:\Qoobox [2012.03.17 00:25:29 | 000,000,000 | ---D | M] -- C:\Recovery [2012.12.12 20:49:20 | 000,000,000 | ---D | M] -- C:\Sierra 
[2013.01.07 13:03:29 | 000,000,000 | ---D | M] -- C:\steam_sicher [2013.03.01 21:01:38 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.09.21 16:29:35 | 000,000,000 | ---D | M] -- C:\temp [2013.02.21 15:08:39 | 000,000,000 | ---D | M] -- C:\TuneUpPortable [2012.03.30 19:15:12 | 000,000,000 | ---D | M] -- C:\Ubisoft [2012.11.03 15:54:43 | 000,000,000 | ---D | M] -- C:\USB [2012.07.12 18:59:30 | 000,000,000 | R--D | M] -- C:\Users [2012.06.05 16:16:43 | 000,000,000 | ---D | M] -- C:\win7_spezial [2013.02.28 14:53:49 | 000,000,000 | ---D | M] -- C:\Windows [2012.06.05 16:51:12 | 000,000,000 | ---D | M] -- C:\Windows 7 Logon Background Changer [2013.02.22 16:43:03 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.07.10 21:37:03 | 000,001,102 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.07.10 21:37:03 | 000,001,106 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) 
MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft 
Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) 
MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 
04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010.11.21 
04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < 
%USERPROFILE%\*.* > [2012.07.15 15:25:34 | 000,000,295 | ---- | M] () -- C:\Users\User\.openev [2013.02.15 15:31:36 | 000,000,000 | ---- | M] () -- C:\Users\User\agent.log [2013.03.01 21:03:48 | 003,932,160 | -HS- | M] () -- C:\Users\User\NTUSER.DAT [2013.03.01 21:03:48 | 000,262,144 | -HS- | M] () -- C:\Users\User\ntuser.dat.LOG1 [2012.03.17 00:25:37 | 000,000,000 | -HS- | M] () -- C:\Users\User\ntuser.dat.LOG2 [2012.03.17 18:40:51 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.03.17 18:40:51 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.03.17 18:40:51 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.04.28 19:08:44 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{1abe991d-914f-11e1-b958-902b3410c704}.TM.blf [2012.04.28 19:08:43 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{1abe991d-914f-11e1-b958-902b3410c704}.TMContainer00000000000000000001.regtrans-ms [2012.04.28 19:08:44 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{1abe991d-914f-11e1-b958-902b3410c704}.TMContainer00000000000000000002.regtrans-ms [2013.02.08 20:36:02 | 000,065,536 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{90466440-71f3-11e2-9a39-902b3410c704}.TM.blf [2013.02.08 20:36:02 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{90466440-71f3-11e2-9a39-902b3410c704}.TMContainer00000000000000000001.regtrans-ms [2013.02.08 20:36:02 | 000,524,288 | -HS- | M] () -- C:\Users\User\NTUSER.DAT{90466440-71f3-11e2-9a39-902b3410c704}.TMContainer00000000000000000002.regtrans-ms [2012.03.17 00:25:37 | 000,000,020 | -HS- | M] () -- C:\Users\User\ntuser.ini [2012.10.22 09:50:11 | 000,000,680 | RHS- | M] () -- C:\Users\User\ntuser.pol [2013.01.10 15:51:48 | 000,001,073 | ---- | M] () -- C:\Users\User\Videos - Verknüpfung.lnk < 
%USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF < End of report > |
01.03.2013, 21:42 | #23 |
/// Malware-holic | Hi, OTL fix. Fix with OTL
Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "Search"
[2013.02.03 16:26:36 | 000,002,046 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\h2syn23t.default\searchplugins\360dbd17-2787-4a41-8a5e-a89509e04aca.xml
O8:64bit: - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote senden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft Excel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft Exel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
:files
:Commands
[emptytemp]
Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! Please press the + E key.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
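The OTL fix above removes a changed Firefox default search engine, a search plugin XML dropped into the profile, and Internet Explorer context-menu entries whose handler file no longer exists. As an added example that is not part of this thread and not OTL's own code, the following PowerShell (Windows 7, PowerShell 2.0 or later) lists the same indicators so they can be reviewed before anything is removed. It assumes Firefox profiles live under %APPDATA%\Mozilla\Firefox\Profiles and that IE menu extensions are registered under the HKCU MenuExt key seen in the OTL output; the function names are this example's own.

```powershell
# Added example (not from the thread or from OTL): list the indicators the OTL fix targets.
# Assumes Firefox profiles under %APPDATA%\Mozilla\Firefox\Profiles and IE context-menu
# extensions under HKCU\Software\Microsoft\Internet Explorer\MenuExt.

function Get-FirefoxSearchPrefs {
    param([string]$ProfileRoot = (Join-Path $env:APPDATA 'Mozilla\Firefox\Profiles'))

    if (-not (Test-Path $ProfileRoot)) { return }
    foreach ($Dir in (Get-ChildItem -Path $ProfileRoot | Where-Object { $_.PSIsContainer })) {
        $PrefsFile = Join-Path $Dir.FullName 'prefs.js'
        if (Test-Path $PrefsFile) {
            # prefs.js lines look like: user_pref("browser.search.defaultenginename", "Search");
            Get-Content -Path $PrefsFile | ForEach-Object {
                if ($_ -match '^user_pref\("(browser\.search\.[^"]+|keyword\.URL)",\s*(.+)\);\s*$') {
                    New-Object PSObject -Property @{
                        Profile = $Dir.Name
                        Item    = $Matches[1]
                        Value   = $Matches[2]
                    }
                }
            }
        }
        # Search plugins added by installers appear as extra .xml files in this folder.
        $PluginDir = Join-Path $Dir.FullName 'searchplugins'
        if (Test-Path $PluginDir) {
            Get-ChildItem -Path $PluginDir -Filter '*.xml' | ForEach-Object {
                New-Object PSObject -Property @{
                    Profile = $Dir.Name
                    Item    = 'searchplugins'
                    Value   = $_.Name
                }
            }
        }
    }
}

function Get-IEMenuExtStatus {
    # Each subkey's default value holds the handler, e.g. res://C:\PROGRA~2\...\ONBttnIE.dll/105
    $Base = 'HKCU:\Software\Microsoft\Internet Explorer\MenuExt'
    if (-not (Test-Path $Base)) { return }
    foreach ($Key in (Get-ChildItem -Path $Base)) {
        $Handler = [string](Get-ItemProperty -Path $Key.PSPath).'(default)'
        $Exists = $null
        if ($Handler -match '^res://(.+?\.(dll|exe))(/.*)?$') {
            # Strip the res:// prefix and the resource id, then check the file itself.
            $Exists = Test-Path $Matches[1]
        } elseif ($Handler -match '^[A-Za-z]:\\') {
            $Exists = Test-Path $Handler
        }
        New-Object PSObject -Property @{
            Name         = $Key.PSChildName
            Handler      = $Handler
            TargetExists = $Exists
        }
    }
}

# Search-related prefs and plugin files per profile; an unexpected engine name stands out here.
Get-FirefoxSearchPrefs | Format-Table -AutoSize Profile, Item, Value

# Context-menu entries whose handler file is missing ("File not found" in the OTL log).
Get-IEMenuExtStatus | Where-Object { $_.TargetExists -eq $false } | Format-Table -AutoSize Name, Handler
```

Entries whose handler is neither a res:// reference nor a local path keep TargetExists as $null and are not reported as missing; they still appear in the full Get-IEMenuExtStatus output if you drop the Where-Object filter.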
01.03.2013, 22:42 | #24 |
| Upload worked. Code:
ATTFilter All processes killed ========== OTL ========== Prefs.js: "Search" removed from browser.search.defaultenginename C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\h2syn23t.default\searchplugins\360dbd17-2787-4a41-8a5e-a89509e04aca.xml moved successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote senden\ not found. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Exel exportieren\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote senden\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Excel exportieren\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft Exel exportieren\ not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: User ->Temp folder emptied: 21897255 bytes ->Temporary Internet Files folder emptied: 248836 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 151764528 bytes ->Flash cache emptied: 2932 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers 
.tmp files removed: 0 bytes Windows Temp folder emptied: 418367 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes %systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 166,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 03012013_223555 Files\Folders moved on Reboot... C:\Users\User\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot. File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
01.03.2013, 23:11 | #25 |
/// Malware-holic | Hi, please test whether there are any unwanted toolbars, redirects or other problems in Firefox, Internet Explorer and any other browsers you may have installed. Also test how the PC and programs run in general.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
02.03.2013, 15:47 | #26 |
| Hi, it still has problems every now and then; usually the PC runs better again after a restart. I haven't found any toolbars etc. In Firefox the scripts sometimes hang, and when I look in Task Manager the Flash Player starts twice: one process disappears, then the next, and then Flash loads twice again. I sometimes see this with other programs too. |
03.03.2013, 18:54 | #27 |
/// Malware-holic | CCleaner, Tools, Windows tab, startup list: export it as txt and post it please.
03.03.2013, 19:58 | #28 |
| Code:
Ja HKCU:Run DAEMON Tools Lite DT Soft Ltd "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Nein HKCU:Run DAEMON Tools Net Agent "C:\Program Files (x86)\DAEMON Tools Net\DTAgent.exe" -autorun
Nein HKCU:Run Duden Korrektor SysTray Expert System S.p.A. C:\Program Files (x86)\Duden\Duden Korrektor\DKTray.exe
Ja HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
Ja HKCU:Run Skype Skype Technologies S.A. "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
Nein HKCU:Run spdetector3 C:\Program Files (x86)\Spyware Process Detector\spd323.exe TRAY
Nein HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\Steam.exe" -silent
Nein HKLM:Run Adobe ARM "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Ja HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
Nein HKLM:Run APSDaemon "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Ja HKLM:Run AVP Kaspersky Lab ZAO "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe"
Ja HKLM:Run BigDog305 Vimicro C:\Windows\VM305_STI.EXE USB PC Camera VC305
Nein HKLM:Run FrameManager Samsung Electronics Co. Ltd C:\Program Files\Samsung\FrameManager\FrameManager.exe
Ja HKLM:Run IMSS Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
Nein HKLM:Run LogitechQuickCamRibbon Logitech Inc "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
Nein HKLM:Run LogMeIn Hamachi Ui LogMeIn Inc. "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
Nein HKLM:Run QuickTime Task "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Ja HKLM:Run RoccatKonePure ROCCAT GmbH "C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE"
Ja HKLM:Run RtHDVCpl Realtek Semiconductor C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
Nein HKLM:Run Start WingMan Profiler Logitech Inc. C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
Ja HKLM:Run SunJavaUpdateSched Sun Microsystems, Inc. "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
Ja HKLM:Run USB3MON Intel Corporation "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
Nein HKLM:Run Wondershare Helper Compact.exe Wondershare C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Nein Startup User OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk Microsoft Corporation C:\PROGRA~2\MICROS~1\Office14\ONENOTEM.EXE /tsr |
03.03.2013, 21:31 | #29 |
/// Malware-holic | OK, untick everything except AVP and restart; if anything is missing we'll re-enable it. Does it run better?
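An added example, not from this thread and not CCleaner's own code: a read-only PowerShell audit of the same autostart sources CCleaner exported above (the Run keys under HKCU and HKLM, the Wow6432Node view used by 32-bit programs, and the per-user Startup folder). For each entry it resolves the executable, reports whether the file still exists and reads its Authenticode signature status, and marks which names are meant to stay ticked. The `$keep` list (only `AVP`, as advised above) and the requirement of PowerShell 3.0 or later are assumptions; the script changes nothing, so unticking still happens in CCleaner as described.

```powershell
# Added example, not part of this thread or of CCleaner: read-only audit of the
# autostart sources CCleaner exported above. Assumes PowerShell 3.0 or later on Windows 7.

$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run'   # 32-bit programs on 64-bit Windows
)

# Entry names that should stay ticked (assumption: only the Kaspersky entry, as advised above).
$keep = @('AVP')

function Get-ExePath([string]$cmd) {
    # Strip the arguments: take a quoted path, otherwise everything up to the first ".exe"
    # (-match is case-insensitive, so VM305_STI.EXE is handled too).
    if ($cmd -match '^"([^"]+)"')  { return $Matches[1] }
    if ($cmd -match '^(.*?\.exe)') { return $Matches[1] }
    return $cmd
}

function Get-SignatureStatus([string]$path) {
    # 'missing' when the binary no longer exists; otherwise Valid, NotSigned, HashMismatch, ...
    if (-not $path -or -not (Test-Path -LiteralPath $path)) { return 'missing' }
    return (Get-AuthenticodeSignature -FilePath $path).Status
}

function Get-AutostartEntries {
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($name in $item.GetValueNames()) {
            if ($name -eq '') { continue }                 # skip the (Default) value
            $exe = Get-ExePath ([string]$item.GetValue($name))
            [PSCustomObject]@{
                Source    = $key
                Name      = $name
                Exe       = $exe
                Signature = Get-SignatureStatus $exe
                Keep      = ($keep -contains $name)
            }
        }
    }
    # Shortcuts in the per-user Startup folder (the "Startup User" line in the export).
    $shell = New-Object -ComObject WScript.Shell
    $startupDir = [Environment]::GetFolderPath('Startup')
    foreach ($lnk in (Get-ChildItem -Path $startupDir -Filter *.lnk -ErrorAction SilentlyContinue)) {
        $target = $shell.CreateShortcut($lnk.FullName).TargetPath
        [PSCustomObject]@{
            Source    = 'Startup folder'
            Name      = $lnk.Name
            Exe       = $target
            Signature = Get-SignatureStatus $target
            Keep      = ($keep -contains $lnk.BaseName)
        }
    }
}

$report = Get-AutostartEntries | Sort-Object Keep -Descending
$report | Format-Table -AutoSize

# Entries that are to be unticked and also lack a valid signature deserve a closer look
# before any of them is re-enabled later.
$report | Where-Object { -not $_.Keep -and $_.Signature -ne 'Valid' } | Format-Table Name, Exe, Signature -AutoSize
```

Run it before and after unticking in CCleaner: the first table should match the export above, and the second table is the short list worth checking (missing or unsigned binaries) when deciding which entries to re-enable.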
03.03.2013, 21:43 | #30 |
| I'll do this later; in the meantime I have installed a new Kaspersky and haven't had any problems since. |