Log analysis and evaluation: PC very slow, tasks cannot be ended and the Internet is acting up (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
11.07.2010, 15:01 | #1 |
| Hello dear Trojaner Board helper team, I recently caught a few viruses, and after a short search I came across this forum. My original problem was that IE suddenly opened, showed advertising and tried to download something. Since this problem comes up often in this forum, I simply followed one of the guides and got rid of this problem. Now, however, one or more new problems are occurring, and I would like to be sure that everything has been removed.
HJT Log: Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:18:43, on 11.07.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Connectify\ConnectifyService.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Connectify\Connectify.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\FreeHideIP\FreeHideIP.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\BumpTop\BumpTop.exe
C:\Program Files\Greenshot\Greenshot.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Connectify\Connectifyd.exe
C:\Program Files\BumpTop\TexHelper.exe
C:\Program Files\BumpTop\TexHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Connectify\DualServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.orbitdownloader.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKCU\..\Run: [Connectify] C:\Program Files\Connectify\Connectify.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Free Hide IP] C:\Program Files\FreeHideIP\FreeHideIP.exe
O4 - HKCU\..\Run: [Firefox] C:\Program Files\Mozilla Firefox\firefox.exe
O4 - HKCU\..\Run: [Thunderbird] C:\Program Files\Mozilla Thunderbird\thunderbird.exe -mail
O4 - HKCU\..\Run: [iTunes] C:\Program Files\iTunes\iTunes.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Greenshot.lnk = C:\Program Files\Greenshot\Greenshot.exe
O4 - Global Startup: BumpTop.lnk = C:\Program Files\BumpTop\BumpTop.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jannik\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Jannik\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Tweak7SystemService - Totalidea Software - C:\Windows\system32\Tweak7SystemService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 9426 bytes

P.S.: How do I set it so that the virus warning sound comes not from my headphones but from the tower itself? Since the Windows 7 upgrade I only learn of a find when I have the speakers on. That worked flawlessly under Windows Vista.

P.P.S.: Can this forum also be accessed via Tapatalk for the iPhone?
__________________ Windows 7 Home Premium 32-Bit Original Edited by DerHivi (11.07.2010 at 15:23) |
12.07.2010, 13:17 | #2 | ||
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Quote:
Quote:
Just have a read here, I think it should then become somewhat clearer: Personal_Firewalls - ubuntuusers.de; NT-Dienste sicher konfigurieren und abschalten (Windows 2000/XP) - www.ntsvcfg.de; microsoft.public.de.security.heimanwender FAQ. Then you will find that it is simply unnecessary to mess up the system with yet another "protection component"... You can only avoid a malware infection anyway if you get your own behaviour under control => Kompromittierung unvermeidbar?
__________________ |
12.07.2010, 19:18 | #3 |
| Thank you very much for your reply.
What exactly was found and where, I no longer know. I stupidly overwrote the log file. I ran scans with HJT and MBAM, and now I no longer know where I can get the information about the viruses from... Sure, the more programs, the less secure, nothing works without updates, and keeping one's surfing behaviour in check is of course important; nevertheless I am only human too and make exactly the same mistakes as everyone else, but that does not solve my problems. At the moment it is of no use to me to know what I did wrong beforehand as long as the problem persists. In that respect for the information, but it would still be helpful if you had also addressed the other problems. Regards, DerHivi
__________________ |
12.07.2010, 19:36 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
Look in the program (Malwarebytes) under the Logs tab and post all logs.
__________________ Please always post log files in CODE tags |
12.07.2010, 21:01 | #5 | |||||
| Sorry, that was not meant nastily. I just thought that it would still be possible to address the other problems, such as the problem with the virus sound coming through the external speakers/headphones and not through the tower speaker. Anyway, attached is the MBAM log file of the infection; all the others are clean. Quote:
What does that mean? DerHivi P.S.: Another MBAM log file regarding the Avira finds will follow; it is scanning right now.
__________________ Windows 7 Home Premium 32-Bit Original |
12.07.2010, 21:40 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
__________________ --> PC very slow, tasks cannot be ended and the Internet is acting up |
13.07.2010, 15:02 | #7 | |
| Strangely, MBAM finds only one here. But Avira recently reported 2 again. These Avira finds were between 13:54 and 13:56 today: Quote:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4308

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

13.07.2010 15:52:00
mbam-log-2010-07-13 (15-52-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 459552
Laufzeit: 2 Stunde(n), 22 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Roaming\chrtmp (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
__________________ Windows 7 Home Premium 32-Bit Original Edited by DerHivi (13.07.2010 at 15:08) |
13.07.2010, 15:39 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | System scan with OTL. Please download OTL by OldTimer and save it on your desktop
__________________ Please always post log files in CODE tags |
13.07.2010, 22:41 | #9 |
| OTL.txt Code:
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\{5872365e-67d1-4afd-9480-fd293bebd20d} [2010.06.07 17:14:38 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2010.05.13 22:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.07.11 10:12:58 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.05.15 00:40:31 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f} [2010.05.16 21:56:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\aboutme@test.mozilla.com [2010.03.27 01:04:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\elemhidehelper@adblockplus.org [2010.06.29 09:30:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\fx4options@skorek.com [2010.06.29 09:30:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\fx4theme@skorek.com [2010.06.28 21:39:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\pwgen@alouche.net [2010.04.13 18:28:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\spam@trashmail.net [2010.05.12 21:50:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\support@free-hideip.com [2010.06.28 21:39:09 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\yesscript@userstyles.org [2010.06.29 09:30:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\d8rk64kd.default\extensions\fx4theme@skorek.com\chrome\mozapps\extensions [2010.07.10 22:58:59 | 000,000,927 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\d8rk64kd.default\searchplugins\wie-sagt-man-noch---suche.xml [2010.06.01 19:15:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.05.13 20:46:56 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.06.01 19:15:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.06.01 19:15:29 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll [2010.06.12 03:24:05 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.06.12 03:24:05 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.06.12 03:24:05 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.06.12 03:24:05 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.06.12 03:24:05 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (ZoneAlarm Toolbar Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Windows Live 
Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O3 - HKLM\..\Toolbar: (ZoneAlarm Toolbar) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [Connectify] C:\Programme\Connectify\Connectify.exe (Connectify) O4 - HKCU..\Run: [Firefox] C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) O4 - HKCU..\Run: [Free Hide IP] C:\Programme\FreeHideIP\FreeHideIP.exe (FreeHideIP.Com) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [iTunes] C:\Programme\iTunes\iTunes.exe (Apple Inc.) 
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - HKCU..\Run: [Thunderbird] C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greenshot.lnk = C:\Programme\Greenshot\Greenshot.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = [binary data] O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Programme\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2001.02.24 20:09:40 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ] O33 - MountPoints2\{3b33d37e-4abb-11df-82af-001d9275f84a}\Shell - "" = AutoRun O33 - MountPoints2\{3b33d37e-4abb-11df-82af-001d9275f84a}\Shell\AutoRun\command - "" = I:\LGAutoRun.exe -- File not found O33 - MountPoints2\{b4aed48d-579b-11df-8ec1-8ca438202abf}\Shell - "" = AutoRun O33 - MountPoints2\{b4aed48d-579b-11df-8ec1-8ca438202abf}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found O33 - MountPoints2\{d2a3e849-3923-11df-bc8a-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{d2a3e849-3923-11df-bc8a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2001.11.14 12:35:48 | 000,069,632 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk /r \??\M:) - File not found O34 - 
HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.07.12 23:09:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun [2010.07.11 16:07:49 | 000,000,000 | ---D | C] -- C:\Programme\Belarc [2010.07.11 11:56:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Sakura [2010.07.11 11:51:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.07.09 18:58:29 | 000,000,000 | ---D | C] -- C:\Programme\Steam [2010.07.08 15:52:40 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 1 [2010.07.05 20:07:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Need for Speed World [2010.07.05 18:55:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Games for Windows - LIVE Demos [2010.07.05 18:51:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Totalidea_Software [2010.07.05 18:51:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Tweak-7 [2010.07.05 18:40:03 | 000,000,000 | ---D | C] -- C:\Windows\Tweak-7 [2010.07.05 18:40:03 | 000,000,000 | ---D | C] -- C:\Programme\Tweak-7 [2010.07.04 01:58:17 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Pro Photo Tools [2010.07.04 01:41:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Dupehunter Professional [2010.07.04 01:41:07 | 000,000,000 | ---D | C] -- C:\Programme\CH-Soft [2010.07.03 18:12:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games [2010.07.03 14:55:09 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\games [2010.07.02 18:53:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Electronic_Arts_Inc [2010.07.01 20:37:47 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2010.06.29 22:56:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics [2010.06.25 22:37:04 | 000,000,000 | ---D | 
C] -- C:\Programme\GameSpy Arcade [2010.06.25 22:28:11 | 000,000,000 | ---D | C] -- C:\Programme\Croteam [2010.06.24 20:09:07 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ForceField Shared Files [2010.06.24 20:09:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CheckPoint [2010.06.24 20:08:54 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint [2010.06.24 20:08:50 | 000,046,472 | ---- | C] (Zone Labs Inc.) -- C:\Windows\System32\vsutil_loc0407.dll [2010.06.24 20:08:47 | 000,058,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsregexp.dll [2010.06.24 20:08:40 | 000,103,816 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcommdb.dll [2010.06.24 20:08:40 | 000,069,000 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zlcomm.dll [2010.06.24 20:08:31 | 000,041,864 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vswmi.dll [2010.06.24 20:08:28 | 001,238,408 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\zpeng25.dll [2010.06.24 20:08:28 | 000,109,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsxml.dll [2010.06.24 20:08:27 | 000,299,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vspubapi.dll [2010.06.24 20:08:27 | 000,107,912 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsmonapi.dll [2010.06.24 20:08:26 | 000,112,008 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsdata.dll [2010.06.24 20:08:11 | 000,450,248 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\drivers\vsdatant.sys [2010.06.24 20:08:11 | 000,000,000 | ---D | C] -- C:\Windows\System32\ZoneLabs [2010.06.24 20:08:10 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs [2010.06.24 20:07:45 | 000,000,000 | ---D | C] -- C:\Windows\Internet Logs [2010.06.24 20:07:45 | 000,000,000 | ---D | C] -- 
C:\ProgramData\CheckPoint [2010.06.24 20:07:44 | 000,621,960 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsutil.dll [2010.06.24 20:07:44 | 000,227,720 | ---- | C] (Check Point Software Technologies LTD) -- C:\Windows\System32\vsinit.dll [2010.06.23 22:57:38 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010.06.23 22:57:38 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010.06.23 22:57:38 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010.06.23 22:01:50 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner [2010.06.23 16:05:39 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010.06.23 16:05:38 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010.06.23 16:05:38 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010.06.23 16:05:38 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax [2010.06.21 14:30:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2010.06.21 14:30:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.06.21 14:30:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.06.21 14:30:02 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.06.21 14:30:02 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.06.20 22:38:57 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro [2010.06.20 16:33:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Soldat [2010.06.20 16:33:43 | 000,000,000 | ---D | C] -- C:\Soldat [2010.06.20 15:46:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Deployment [2010.06.20 15:46:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apps 
[2010.06.20 13:09:48 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.06.20 13:07:11 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.06.19 15:05:19 | 000,000,000 | ---D | C] -- C:\Programme\Bridge It Demo [2010.06.19 11:51:52 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files [2010.06.17 21:52:26 | 000,000,000 | ---D | C] -- C:\Users\J***\AppData\Roaming\NCH Swift Sound [2010.06.15 21:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound [2010.06.15 21:45:03 | 000,000,000 | ---D | C] -- C:\Programme\NCH Swift Sound [2010.06.15 21:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Software [2010.06.15 21:44:32 | 000,000,000 | ---D | C] -- C:\Programme\NCH Software [2010.06.15 21:44:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NCH Software [2010.06.15 18:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec [2010.06.15 18:47:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS [2010.06.15 18:47:43 | 000,000,000 | ---D | C] -- C:\Programme\Norton Security Scan [2010.06.15 18:47:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2010.06.15 18:47:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSS\0207030.022 [2010.06.15 18:47:41 | 000,000,000 | ---D | C] -- C:\Programme\NortonInstaller [2010.06.15 18:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2010.06.14 14:05:20 | 000,029,248 | ---- | C] (Connectify) -- C:\Windows\System32\drivers\connctfy.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.07.13 21:41:06 | 002,621,440 | -HS- | M] () -- C:\Users\***\NTUSER.DAT [2010.07.13 21:32:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.13 18:40:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.13 18:37:00 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for ***.job [2010.07.13 16:05:52 | 
000,175,149 | ---- | M] () -- C:\Users\***\Desktop\MBAM.jpg [2010.07.13 15:52:07 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\iwdcfutl.sys [2010.07.13 14:16:12 | 000,000,120 | -H-- | M] () -- C:\Users\***\Documents\.~lock.Feldmessen.odt# [2010.07.13 13:22:39 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.07.13 13:22:39 | 000,013,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.07.13 13:15:22 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.07.13 13:15:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.07.12 23:55:11 | 003,645,794 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db [2010.07.12 23:54:20 | 000,020,502 | ---- | M] () -- C:\Users\***\Documents\Feldmessen.odt [2010.07.12 23:09:14 | 000,002,964 | ---- | M] () -- C:\Users\***\Desktop\OpenOffice.org_3.2.1_Win_x86_install_de.exe [2010.07.12 22:31:09 | 000,007,920 | ---- | M] () -- C:\Users\***\Desktop\sasha.jpg [2010.07.11 20:15:51 | 000,000,215 | ---- | M] () -- C:\Users\***\Desktop\Supreme Commander 2.url [2010.07.11 20:12:32 | 000,000,213 | ---- | M] () -- C:\Users\***\Desktop\Counter-Strike Source.url [2010.07.11 16:07:50 | 000,001,995 | ---- | M] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk [2010.07.11 15:26:29 | 000,001,017 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Greenshot.lnk [2010.07.11 13:11:48 | 000,003,552 | ---- | M] () -- C:\bootsqm.dat [2010.07.11 12:28:08 | 001,630,412 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.07.11 12:28:08 | 000,700,636 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.07.11 12:28:08 | 000,662,518 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.07.11 12:28:08 | 000,147,682 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.07.11 12:28:08 | 000,124,072 | ---- | M] 
() -- C:\Windows\System32\perfc009.dat [2010.07.10 00:01:42 | 000,000,213 | ---- | M] () -- C:\Users\***\Desktop\Half-Life 2 Lost Coast.url [2010.07.10 00:01:42 | 000,000,213 | ---- | M] () -- C:\Users\***\Desktop\Half-Life 2 Deathmatch.url [2010.07.10 00:01:42 | 000,000,195 | ---- | M] () -- C:\Users\***\Desktop\Portal The First Slice.url [2010.07.09 19:41:47 | 000,000,879 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk [2010.07.08 15:52:47 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 1.lnk [2010.07.07 18:35:18 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.07.07 18:34:56 | 000,002,246 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.07.05 22:41:09 | 000,012,954 | ---- | M] () -- C:\Users\***\Documents\Zellsplat.odt [2010.07.05 18:17:40 | 000,001,988 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.07.05 01:51:49 | 000,006,656 | ---- | M] () -- C:\Users\***\Desktop\Vorlage_Halbfinale.xls [2010.07.05 01:00:44 | 000,011,463 | ---- | M] () -- C:\Users\***\Documents\asd.ods [2010.07.04 01:58:18 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Pro Photo Tools.lnk [2010.07.04 01:43:29 | 000,005,052 | ---- | M] () -- C:\Users\***\Documents\Fopr.dhjb [2010.07.03 15:23:48 | 000,006,656 | ---- | M] () -- C:\Users\***\Desktop\Vorlage_Viertelfinale.xls [2010.07.01 18:41:53 | 000,004,646 | ---- | M] () -- C:\Users\***\.recently-used.xbel [2010.07.01 18:26:47 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2010.06.29 23:05:02 | 000,015,292 | ---- | M] () -- C:\Users\***\Documents\Unbenannt 1.odt [2010.06.29 00:00:37 | 000,161,126 | ---- | M] () -- C:\Users\***\Desktop\iTunes fehler.jpg [2010.06.28 13:30:26 | 000,639,413 | ---- | M] () -- C:\Users\***\Desktop\_fx4-1.2.1c-fx-win.xpi [2010.06.27 14:22:23 | 000,007,168 | ---- | M] () -- C:\Users\***\Desktop\Vorlage_Achtelfinale.xls [2010.06.25 22:37:26 | 000,000,970 | ---- | M] () -- 
C:\Users\***\Desktop\GameSpy Arcade.lnk [2010.06.24 20:09:24 | 000,422,437 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.06.24 20:08:52 | 000,005,977 | ---- | M] () -- C:\Windows\System32\vsconfig.xml [2010.06.24 20:08:52 | 000,001,040 | ---- | M] () -- C:\Users\***\Desktop\ZoneAlarm Security.lnk [2010.06.24 19:24:50 | 000,058,342 | ---- | M] () -- C:\Users\***\Desktop\Steam.jpg [2010.06.23 22:01:52 | 000,001,835 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.06.23 21:11:49 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010.06.23 19:10:25 | 000,061,916 | ---- | M] () -- C:\Users\***\Desktop\Hannes´.pdf [2010.06.23 18:55:48 | 000,135,676 | ---- | M] () -- C:\Users\***\Documents\Die Normalität.xps [2010.06.23 16:52:34 | 000,370,681 | ---- | M] () -- C:\Users\***\Desktop\a13ca8d1e59ee38651c6f527dea.jpg [2010.06.22 19:37:54 | 000,000,000 | R--- | M] () -- C:\logwmemory.bin [2010.06.21 14:30:06 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.20 21:56:54 | 000,002,476 | ---- | M] () -- C:\Users\***\Desktop\settings.json [2010.06.20 20:50:16 | 000,208,525 | ---- | M] () -- C:\Users\***\Desktop\Prod.jpg [2010.06.20 20:50:05 | 000,661,860 | ---- | M] () -- C:\Users\***\Desktop\Prod.xcf [2010.06.20 16:39:30 | 000,088,012 | ---- | M] () -- C:\Users\***\Desktop\meindesktop.jpg [2010.06.20 16:34:03 | 000,001,527 | ---- | M] () -- C:\Users\***\Desktop\Soldat Manual.lnk [2010.06.20 16:34:03 | 000,001,483 | ---- | M] () -- C:\Users\***\Desktop\Soldat Community Guides.lnk [2010.06.20 16:34:03 | 000,000,575 | ---- | M] () -- C:\Users\***\Desktop\Soldat Mod Starter.lnk [2010.06.20 16:34:02 | 000,000,582 | ---- | M] () -- C:\Users\***\Desktop\Soldat.lnk [2010.06.20 16:17:51 | 000,016,896 | ---- | M] () -- C:\Users\***\Desktop\Hannes´Analien.doc [2010.06.20 15:58:56 | 000,012,658 | ---- | M] () -- C:\Users\***\Desktop\Hannes´Analien.odt [2010.06.20 13:10:30 | 000,002,429 | ---- 
| M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.06.19 11:50:04 | 000,001,246 | ---- | M] () -- C:\Windows\Sandboxie.ini [2010.06.19 11:50:02 | 000,063,768 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT [2010.06.19 11:44:01 | 000,291,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2010.06.15 21:46:31 | 000,001,093 | ---- | M] () -- C:\Users\Public\Desktop\MixPad Audio Mixer.lnk [2010.06.15 21:45:03 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk [2010.06.15 18:47:45 | 000,001,310 | ---- | M] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2010.06.15 18:47:43 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.06.15 16:34:37 | 000,016,895 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung Blindenschule.odt [2010.06.15 16:34:28 | 000,017,029 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung Bahnhofsmission.odt [2010.06.15 16:34:18 | 000,016,413 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung.odt [2010.06.15 15:50:51 | 000,001,592 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk [2010.06.15 15:50:44 | 000,001,086 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.06.15 15:50:27 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk [2010.06.15 15:38:34 | 000,015,987 | ---- | M] () -- C:\Users\***\Desktop\Bewerbung Programmierung Cypref IT-Solutions Herr Heitmann (Betr. 
pr.).odt [2010.06.15 15:36:31 | 000,009,661 | ---- | M] () -- C:\Users\***\Desktop\noname.odt [2010.06.14 21:29:53 | 000,011,776 | ---- | M] () -- C:\Users\***\Desktop\tipp.xls [2010.06.14 21:22:32 | 000,010,704 | ---- | M] () -- C:\Users\***\Desktop\Unbenannt 1.odt [2010.06.14 16:58:32 | 000,002,479 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2010.06.14 14:05:20 | 000,029,248 | ---- | M] (Connectify) -- C:\Windows\System32\drivers\connctfy.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.07.13 16:05:51 | 000,175,149 | ---- | C] () -- C:\Users\***\Desktop\MBAM.jpg [2010.07.13 15:52:07 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\iwdcfutl.sys [2010.07.13 14:16:12 | 000,000,120 | -H-- | C] () -- C:\Users\***\Documents\.~lock.Feldmessen.odt# [2010.07.12 23:54:18 | 000,020,502 | ---- | C] () -- C:\Users\***\Documents\Feldmessen.odt [2010.07.12 23:09:14 | 000,002,964 | ---- | C] () -- C:\Users\***\Desktop\OpenOffice.org_3.2.1_Win_x86_install_de.exe [2010.07.12 22:31:08 | 000,007,920 | ---- | C] () -- C:\Users\***\Desktop\sasha.jpg [2010.07.11 20:15:51 | 000,000,215 | ---- | C] () -- C:\Users\***\Desktop\Supreme Commander 2.url [2010.07.11 20:12:32 | 000,000,213 | ---- | C] () -- C:\Users\***\Desktop\Counter-Strike Source.url [2010.07.11 16:07:50 | 000,001,995 | ---- | C] () -- C:\Users\Public\Desktop\Belarc Advisor.lnk [2010.07.11 13:11:48 | 000,003,552 | ---- | C] () -- C:\bootsqm.dat [2010.07.10 00:01:42 | 000,000,213 | ---- | C] () -- C:\Users\***\Desktop\Half-Life 2 Lost Coast.url [2010.07.10 00:01:42 | 000,000,213 | ---- | C] () -- C:\Users\***\Desktop\Half-Life 2 Deathmatch.url [2010.07.09 19:48:22 | 000,000,195 | ---- | C] () -- C:\Users\***\Desktop\Portal The First Slice.url [2010.07.09 18:58:30 | 000,000,879 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk [2010.07.08 15:52:46 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 1.lnk 
[2010.07.07 18:35:18 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2010.07.07 18:34:56 | 000,002,246 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk [2010.07.07 18:27:40 | 000,001,096 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.07.07 18:27:38 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.07.05 22:41:07 | 000,012,954 | ---- | C] () -- C:\Users\***\Documents\Zellsplat.odt [2010.07.05 01:51:09 | 000,006,656 | ---- | C] () -- C:\Users\***\Desktop\Vorlage_Halbfinale.xls [2010.07.05 01:00:42 | 000,011,463 | ---- | C] () -- C:\Users\***\Documents\asd.ods [2010.07.04 01:58:18 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Pro Photo Tools.lnk [2010.07.04 01:43:29 | 000,005,052 | ---- | C] () -- C:\Users\***\Documents\Fopr.dhjb [2010.07.01 18:41:53 | 000,004,646 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.07.01 17:27:39 | 000,006,656 | ---- | C] () -- C:\Users\***\Desktop\Vorlage_Viertelfinale.xls [2010.06.29 09:29:37 | 000,639,413 | ---- | C] () -- C:\Users\***\Desktop\_fx4-1.2.1c-fx-win.xpi [2010.06.29 00:15:36 | 000,015,292 | ---- | C] () -- C:\Users\***\Documents\Unbenannt 1.odt [2010.06.29 00:00:37 | 000,161,126 | ---- | C] () -- C:\Users\***\Desktop\iTunes fehler.jpg [2010.06.27 14:20:17 | 000,007,168 | ---- | C] () -- C:\Users\***\Desktop\Vorlage_Achtelfinale.xls [2010.06.25 22:37:26 | 000,000,970 | ---- | C] () -- C:\Users\***\Desktop\GameSpy Arcade.lnk [2010.06.24 20:08:52 | 000,005,977 | ---- | C] () -- C:\Windows\System32\vsconfig.xml [2010.06.24 20:08:52 | 000,001,040 | ---- | C] () -- C:\Users\***\Desktop\ZoneAlarm Security.lnk [2010.06.24 20:08:11 | 000,422,437 | -H-- | C] () -- C:\Windows\System32\drivers\vsconfig.xml [2010.06.24 19:24:50 | 000,058,342 | ---- | C] () -- C:\Users\***\Desktop\Steam.jpg [2010.06.23 22:53:50 | 002,432,325 | ---- | C] () -- C:\Users\***\Desktop\50-hammertipps-google.pdf [2010.06.23 22:01:52 | 
000,001,835 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.06.23 19:10:23 | 000,061,916 | ---- | C] () -- C:\Users\***\Desktop\Hannes´.pdf [2010.06.23 18:55:46 | 000,135,676 | ---- | C] () -- C:\Users\***\Documents\Die Normalität.xps [2010.06.23 16:52:33 | 000,370,681 | ---- | C] () -- C:\Users\***\Desktop\a13ca8d1e59ee38651c6f527dea.jpg [2010.06.22 19:37:54 | 000,000,000 | R--- | C] () -- C:\logwmemory.bin [2010.06.21 14:30:06 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.06.20 20:50:16 | 000,208,525 | ---- | C] () -- C:\Users\***\Desktop\Prod.jpg [2010.06.20 20:49:05 | 000,661,860 | ---- | C] () -- C:\Users\***\Desktop\Prod.xcf [2010.06.20 16:39:30 | 000,088,012 | ---- | C] () -- C:\Users\***\Desktop\meindesktop.jpg [2010.06.20 16:34:03 | 000,001,527 | ---- | C] () -- C:\Users\***\Desktop\Soldat Manual.lnk [2010.06.20 16:34:03 | 000,001,483 | ---- | C] () -- C:\Users\***\Desktop\Soldat Community Guides.lnk [2010.06.20 16:34:03 | 000,000,575 | ---- | C] () -- C:\Users\***\Desktop\Soldat Mod Starter.lnk [2010.06.20 16:34:02 | 000,000,582 | ---- | C] () -- C:\Users\***\Desktop\Soldat.lnk [2010.06.20 16:17:47 | 000,016,896 | ---- | C] () -- C:\Users\***\Desktop\Hannes´Analien.doc [2010.06.20 13:10:30 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.06.18 17:41:26 | 000,012,658 | ---- | C] () -- C:\Users\***\Desktop\Hannes´Analien.odt [2010.06.15 21:46:31 | 000,001,093 | ---- | C] () -- C:\Users\Public\Desktop\MixPad Audio Mixer.lnk [2010.06.15 21:45:03 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\WavePad Sound Editor.lnk [2010.06.15 18:47:46 | 000,000,476 | -H-- | C] () -- C:\Windows\tasks\Norton Security Scan for ***.job [2010.06.15 18:47:45 | 000,001,310 | ---- | C] () -- C:\Users\Public\Desktop\Norton Security Scan.lnk [2010.06.15 18:47:43 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSS\0207030.022\isolate.ini [2010.06.15 15:36:31 | 000,009,661 | ---- | C] 
() -- C:\Users\***\Desktop\noname.odt [2010.06.14 21:22:30 | 000,010,704 | ---- | C] () -- C:\Users\***\Desktop\Unbenannt 1.odt [2010.06.06 13:28:11 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.05.16 12:03:59 | 000,001,246 | ---- | C] () -- C:\Windows\Sandboxie.ini [2010.04.15 19:15:54 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll [2010.04.15 19:15:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010.04.15 19:15:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.04.15 19:15:51 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.04.15 19:15:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2010.04.15 19:15:50 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat [2009.08.19 09:26:48 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys [2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 13.07.2010 21:40:25 - Run 3 OTL by OldTimer - Version 3.2.6.1 Folder = C:\Users\***\Downloads Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free 6,00 Gb Paging File | 3,00 Gb Available in Paging File | 43,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445,76 Gb Total Space | 144,29 Gb Free Space | 32,37% Space Free | Partition Type: NTFS Drive D: | 19,99 Gb Total Space | 10,52 Gb Free Space | 52,63% Space Free | Partition Type: FAT32 Drive E: | 515,64 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS F: Drive not present or media not loaded Drive G: | 1,90 Gb Total Space | 1,90 Gb Free Space | 100,00% Space Free | Partition Type: FAT H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ***S-PC Current User Name: *** Logged in as Administrator. 
Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com) "C:\Nexon\Combat Arms EU\CombatArms.exe" = C:\Nexon\Combat Arms EU\CombatArms.exe:*Enabled:CombatArms.exe -- (Nexon) 
"C:\Nexon\Combat Arms EU\Engine.exe" = C:\Nexon\Combat Arms EU\Engine.exe:*Enabled:Engine.exe -- (Nexon) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{07B562FD-E90D-4DC8-89E8-75C706D06E2B}" = Sony Media Manager 2.3 "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{146E206D-7D2C-493A-B431-1F1D16E822AF}" = MobileMe Control Panel "{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising "{1B9B5B3B-28E7-4E59-A80D-D670AA984514}" = Nokia Connectivity Cable Driver "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2 "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20 "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime "{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SONY_MEDIAMGR2) "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7 "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English) "{56B4002F-671C-49F4-984C-C760FE3806B5}" = Microsoft SQL Server VSS Writer "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = 
Microsoft Visual J# 2.0 Redistributable Package "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{71702641-2849-45A4-8E62-4B85974B24A0}_is1" = BumpTop "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World "{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE) "{815050E5-F545-11D4-9569-004095812ACC}" = Serious Sam: Der erste Kontakt "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support "{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{A05CF147-BEED-4880-BF9B-4EAF22C77FFD}" = Microsoft Pro Photo Tools "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support "{BD68F46D-8A82-4664-8E68-F87C55BDEFD4}" = Microsoft SQL Server Native Client "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet "{C2D129C0-7508-11DF-9F1B-005056806466}" = Google Earth "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update 
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities "{D89EF3B3-6F17-4665-B7A9-A4235A6DC787}" = Ghost Recon "{E1640DA5-89B4-4F52-B15D-5DA3D14F29D4}" = LG USB Modem Drivers "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "ASIO4ALL" = ASIO4ALL "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "Belarc Advisor" = Belarc Advisor 8.1 "CCleaner" = CCleaner "Cheatbook Database 2010" = Cheatbook Database 2010 "ClearProg" = ClearProg 1.6.1 Beta 3 "Combat Arms" = Combat Arms "Combat Arms EU" = Combat Arms EU "Connectify" = Connectify "DivX Setup.divx.com" = DivX-Setup "Free Studio_is1" = Free Studio version 4.6 "FreeHideIP" = Free Hide IP "GameSpy Arcade" = GameSpy Arcade "Google Chrome" = Google Chrome "Greenshot_is1" = Greenshot "InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM) "KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Full) "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" 
= Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft SQL Server 2005" = Microsoft SQL Server 2005 "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package "MixPad" = MixPad Audio Mixer "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6) "Mozilla Firefox (4.0b1)" = Mozilla Firefox (4.0b1) "Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5) "NSS" = Norton Security Scan "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "Orbit_is1" = Orbit Downloader "Sandboxie" = Sandboxie 3.442 "Soldat_is1" = Soldat 1.5.0 "Stanza" = Stanza "Steam App 240" = Counter-Strike: Source "Steam App 320" = Half-Life 2: Deathmatch "Steam App 340" = Half-Life 2: Lost Coast "Steam App 40100" = Supreme Commander 2 "Steam App 410" = Portal: First Slice "Steam App 41010" = Serious Sam HD: The Second Encounter "TeamViewer 5" = TeamViewer 5 "TrueCrypt" = TrueCrypt "TuneUp Utilities" = TuneUp Utilities "Tweak-7" = Tweak-7 "Uninstall_is1" = Uninstall 1.0.0.1 "VirtualCloneDrive" = VirtualCloneDrive "VLC media player" = VLC media player 1.0.5 "WavePad" = WavePad Sound Editor "WinGimp-2.0_is1" = GIMP 2.6.9 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wormux" = Wormux "ZoneAlarm" = ZoneAlarm "ZoneAlarm Toolbar" = ZoneAlarm Toolbar ========== Last 10 Event Log Errors ========== Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt! < End of report >
__________________ Windows 7 Home Premium 32-Bit Original |
14.07.2010, 10:00 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:
=> TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de
Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) You also have to change the parts replaced by asterisks back into your real user name, otherwise the script will not work!! Code:
:OTL
O32 - AutoRun File - [2001.02.24 20:09:40 | 000,000,046 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{3b33d37e-4abb-11df-82af-001d9275f84a}\Shell - "" = AutoRun
O33 - MountPoints2\{3b33d37e-4abb-11df-82af-001d9275f84a}\Shell\AutoRun\command - "" = I:\LGAutoRun.exe -- File not found
O33 - MountPoints2\{b4aed48d-579b-11df-8ec1-8ca438202abf}\Shell - "" = AutoRun
O33 - MountPoints2\{b4aed48d-579b-11df-8ec1-8ca438202abf}\Shell\AutoRun\command - "" = J:\setup.exe -- File not found
O33 - MountPoints2\{d2a3e849-3923-11df-bc8a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d2a3e849-3923-11df-bc8a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2001.11.14 12:35:48 | 000,069,632 | R--- | M] ()
[2010.07.13 15:52:07 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\iwdcfutl.sys
:Commands
[purity]
[resethosts]
[emptytemp]

The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
14.07.2010, 15:15 | #11 |
| OTL fix log after the restart: Code:
All processes killed
========== OTL ==========
File move failed. E:\autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b33d37e-4abb-11df-82af-001d9275f84a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b33d37e-4abb-11df-82af-001d9275f84a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3b33d37e-4abb-11df-82af-001d9275f84a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3b33d37e-4abb-11df-82af-001d9275f84a}\ not found.
File I:\LGAutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4aed48d-579b-11df-8ec1-8ca438202abf}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4aed48d-579b-11df-8ec1-8ca438202abf}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b4aed48d-579b-11df-8ec1-8ca438202abf}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b4aed48d-579b-11df-8ec1-8ca438202abf}\ not found.
File J:\setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2a3e849-3923-11df-bc8a-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2a3e849-3923-11df-bc8a-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2a3e849-3923-11df-bc8a-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2a3e849-3923-11df-bc8a-806e6f6e6963}\ not found.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
File C:\Windows\System32\drivers\iwdcfutl.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 58965562 bytes
->Temporary Internet Files folder emptied: 13579741 bytes
->Java cache emptied: 978266 bytes
->FireFox cache emptied: 78769384 bytes
->Apple Safari cache emptied: 55719194 bytes
->Flash cache emptied: 5127 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2381282 bytes
RecycleBin emptied: 19205704397 bytes
Total Files Cleaned = 18.517,00 mb
OTL by OldTimer - Version 3.2.6.1 log created on 07142010_160538
Files\Folders moved on Reboot...
File move failed. E:\autorun.inf scheduled to be moved on reboot.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
C:\Users\***\AppData\Local\Temp\~DFC5AA7555D0860C4D.TMP moved successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\d8rk64kd.default\Cache\_CACHE_001_ moved successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\d8rk64kd.default\Cache\_CACHE_002_ moved successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\d8rk64kd.default\Cache\_CACHE_003_ moved successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\d8rk64kd.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\d8rk64kd.default\urlclassifier3.sqlite moved successfully.
C:\Users\***\AppData\Local\Mozilla\Firefox\Profiles\d8rk64kd.default\XUL.mfl moved successfully.
C:\Windows\temp\ZLT05f03.TMP moved successfully.
Registry entries deleted on Reboot...
__________________ Windows 7 Home Premium 32-Bit Original |
14.07.2010, 15:38 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Ok, next up is CF: ComboFix. A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has explicitly recommended it!
__________________ Please always post log files in CODE tags |
14.07.2010, 17:19 | #13 |
| Hmpf... idiot that I am, I went too fast and started Cofi.exe right after the download and didn't think about cleaning up first. After that I cleaned up with CCleaner and ran another scan. The previous one included the deletion of an Install.exe, but I can't find the log file anymore. It was probably overwritten. Is there a way to undo that? Code:
ATTFilter ComboFix 10-07-13.08 - *** 14.07.2010 17:28:35.2.4 - x86 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3070.1813 [GMT 2:00] ausgeführt von:: c:\users\***\Downloads\ComboFix.exe . ((((((((((((((((((((((( Dateien erstellt von 2010-06-14 bis 2010-07-14 )))))))))))))))))))))))))))))) . 2010-07-14 15:33 . 2010-07-14 15:33 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-07-14 15:33 . 2010-07-14 15:33 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-07-14 14:05 . 2010-07-14 14:05 -------- d-----w- C:\_OTL 2010-07-11 14:07 . 2010-07-11 14:07 -------- d-----w- c:\program files\Belarc 2010-07-11 11:11 . 2010-07-11 11:11 3552 ------w- C:\bootsqm.dat 2010-07-11 09:56 . 2010-07-11 09:56 -------- d-----w- c:\users\***\AppData\Roaming\Sakura 2010-07-09 16:58 . 2010-07-14 14:11 -------- d-----w- c:\program files\Steam 2010-07-08 13:52 . 2010-07-08 13:52 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 1 2010-07-05 18:07 . 2010-07-05 18:07 -------- d-----w- c:\users\***\AppData\Roaming\Need for Speed World 2010-07-05 17:58 . 2010-07-07 16:43 4078864 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\eawebkit.dll 2010-07-05 17:58 . 2010-07-07 16:43 267536 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.dll 2010-07-05 17:58 . 2010-07-07 16:43 1791248 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\gameplay.native.dll 2010-07-05 17:58 . 2010-07-07 16:43 10695952 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\nfsw.exe 2010-07-05 17:58 . 2010-07-05 17:58 462864 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\d3dx10_37.dll 2010-07-05 17:58 . 2010-07-05 17:58 3786760 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\d3dx9_37.dll 2010-07-05 17:11 . 2010-07-05 17:11 883670 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbcl.dll 2010-07-05 17:11 . 
2010-07-05 17:11 57344 ----a-w- c:\programdata\Electronic Arts\Need For Speed World\Data\pb\pbag.dll 2010-07-05 16:51 . 2010-07-05 16:51 -------- d-----w- c:\users\***\AppData\Local\Totalidea_Software 2010-07-05 16:51 . 2010-07-05 16:51 -------- d-----w- c:\users\***\AppData\Roaming\Tweak-7 2010-07-05 16:40 . 2010-07-05 16:40 -------- d-----w- c:\program files\Tweak-7 2010-07-05 16:40 . 2010-07-05 16:40 -------- d-----w- c:\windows\Tweak-7 2010-07-03 23:58 . 2010-07-03 23:58 -------- d-----w- c:\program files\Microsoft Pro Photo Tools 2010-07-03 23:41 . 2010-07-03 23:41 -------- d-----w- c:\users\***\AppData\Local\Dupehunter Professional 2010-07-03 23:41 . 2010-07-03 23:41 -------- d-----w- c:\program files\CH-Soft 2010-07-03 16:12 . 2010-07-03 16:12 -------- d-----w- c:\users\***\AppData\Local\Microsoft Games 2010-07-02 16:53 . 2010-07-02 16:53 -------- d-----w- c:\users\***\AppData\Local\Electronic_Arts_Inc 2010-06-29 20:56 . 2010-06-29 20:56 -------- d-----w- c:\users\***\AppData\Local\Diagnostics 2010-06-29 07:30 . 2009-02-16 20:12 53248 ----a-w- c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d8rk64kd.default\extensions\fx4options@skorek.com\components\dwmxpcom.dll 2010-06-25 20:37 . 2010-06-25 20:37 -------- d-----w- c:\program files\GameSpy Arcade 2010-06-25 20:28 . 2010-06-25 20:28 -------- d-----w- c:\program files\Croteam 2010-06-24 18:09 . 2010-06-24 18:09 -------- d-----w- c:\users\***\AppData\Roaming\CheckPoint 2010-06-24 18:07 . 2010-07-14 15:28 -------- d-----w- c:\windows\Internet Logs 2010-06-24 18:07 . 2010-06-24 18:07 -------- d-----w- c:\programdata\CheckPoint 2010-06-23 20:57 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-23 20:57 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-06-23 20:57 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-06-23 20:57 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-06-23 20:57 . 
2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-06-23 20:01 . 2010-06-23 20:01 -------- d-----w- c:\program files\CCleaner 2010-06-23 14:53 . 2010-06-23 14:53 6737920 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\Sexy.tls.dll 2010-06-23 14:47 . 2010-06-23 14:47 3969024 ----a-w- c:\programdata\TuneUp Software\TuneUp Utilities\WinStyler\LogonScreens\StarryNight.tls.dll 2010-06-23 14:05 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll 2010-06-23 14:05 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-06-23 14:05 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll 2010-06-22 17:37 . 2009-03-28 17:52 94208 ----a-w- c:\users\***\AppData\Roaming\Soldat\Battleye\BEServer.dll 2010-06-22 17:37 . 2009-03-28 17:52 102400 ----a-w- c:\users\***\AppData\Roaming\Soldat\Battleye\BEClient.dll 2010-06-22 17:37 . 2010-06-22 17:37 0 ----a-r- C:\logwmemory.bin 2010-06-21 12:30 . 2010-06-21 12:30 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2010-06-21 12:30 . 2010-04-29 10:19 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-21 12:30 . 2010-06-21 12:30 -------- d-----w- c:\programdata\Malwarebytes 2010-06-21 12:30 . 2010-06-21 21:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-21 12:30 . 2010-04-29 10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-20 20:38 . 2010-06-20 20:38 388096 ----a-r- c:\users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2010-06-20 20:38 . 2010-06-20 20:38 -------- d-----w- c:\program files\Trend Micro 2010-06-20 14:33 . 2010-06-20 14:33 -------- d-----w- c:\users\***\AppData\Roaming\Soldat 2010-06-20 13:46 . 2010-06-20 13:46 -------- d-----w- c:\users\***\AppData\Local\Deployment 2010-06-20 13:46 . 2010-06-20 13:46 -------- d-----w- c:\users\***\AppData\Local\Apps 2010-06-20 11:09 . 
2010-06-20 11:09 -------- d-----w- c:\program files\iPod 2010-06-20 11:07 . 2010-06-20 11:07 -------- d-----w- c:\program files\Bonjour 2010-06-20 11:00 . 2010-06-20 11:00 72504 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe 2010-06-19 13:05 . 2010-07-11 09:51 -------- d-----w- c:\program files\Bridge It Demo 2010-06-17 19:52 . 2010-06-22 19:45 -------- d-----w- c:\users\***\AppData\Roaming\NCH Swift Sound 2010-06-15 19:46 . 2010-06-22 19:45 -------- d-----w- c:\programdata\NCH Swift Sound 2010-06-15 19:45 . 2010-07-14 13:33 -------- d-----w- c:\program files\NCH Swift Sound 2010-06-15 19:44 . 2010-06-17 19:52 -------- d-----w- c:\programdata\NCH Software 2010-06-15 19:44 . 2010-07-11 09:50 -------- d-----w- c:\program files\NCH Software 2010-06-15 19:44 . 2010-06-15 19:46 -------- d-----w- c:\users\***\AppData\Roaming\NCH Software 2010-06-15 16:47 . 2010-06-15 16:47 -------- d-----w- c:\programdata\Norton 2010-06-15 16:47 . 2010-06-15 16:47 -------- d-----w- c:\windows\system32\drivers\NSS 2010-06-15 16:47 . 2010-06-15 16:47 -------- d-----w- c:\programdata\Symantec 2010-06-15 16:47 . 2010-06-15 16:47 -------- d-----w- c:\program files\Norton Security Scan 2010-06-15 16:47 . 2010-06-15 16:47 -------- d-----w- c:\programdata\NortonInstaller 2010-06-15 16:47 . 2010-06-15 16:47 -------- d-----w- c:\program files\NortonInstaller 2010-06-15 13:50 . 2010-06-15 13:50 56997 ----a-w- c:\programdata\DivX\WebPlayer\Uninstaller.exe 2010-06-15 13:50 . 2010-06-15 13:50 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe 2010-06-15 13:50 . 2010-06-15 13:50 53600 ----a-w- c:\programdata\DivX\Update\Uninstaller.exe 2010-06-15 13:50 . 2010-06-15 13:50 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe 2010-06-15 13:50 . 2010-06-15 13:50 84062 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe 2010-06-15 13:50 . 2010-06-15 13:50 54166 ----a-w- c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe 2010-06-15 13:50 . 
2010-06-15 13:50 57532 ----a-w- c:\programdata\DivX\DSASPDecoder\Uninstaller.exe 2010-06-15 13:50 . 2010-06-15 13:50 54644 ----a-w- c:\programdata\DivX\TranscodeEngine\Uninstaller.exe 2010-06-15 13:50 . 2010-06-15 13:50 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe 2010-06-15 13:50 . 2010-06-15 13:50 54128 ----a-w- c:\programdata\DivX\Converter\Uninstaller.exe 2010-06-15 13:50 . 2010-06-15 13:50 57409 ----a-w- c:\programdata\DivX\ControlPanel\Uninstaller.exe 2010-06-15 13:50 . 2010-06-15 13:50 54101 ----a-w- c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-14 15:33 . 2010-03-27 01:02 -------- d-----w- c:\program files\Connectify 2010-07-14 15:06 . 2010-05-13 18:47 -------- d-----w- c:\users\***\AppData\Roaming\Skype 2010-07-14 15:06 . 2010-04-10 15:42 -------- d-----w- c:\users\***\AppData\Roaming\ICQ 2010-07-14 14:18 . 2010-04-11 10:14 1 ----a-w- c:\users\***\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-07-14 14:11 . 2010-06-24 19:58 1195283 ----a-w- c:\windows\Internet Logs\tvDebug.Zip 2010-07-14 14:09 . 2010-07-14 14:12 63488 ----a-w- c:\windows\Internet Logs\xDB5776.tmp 2010-07-14 14:04 . 2010-05-13 18:48 -------- d-----w- c:\users\***\AppData\Roaming\skypePM 2010-07-13 13:50 . 2010-04-10 08:17 -------- d-----w- c:\users\***\AppData\Roaming\vlc 2010-07-12 21:54 . 2010-04-10 08:50 -------- d-----w- c:\users\***\AppData\Roaming\Orbit 2010-07-12 16:48 . 2010-07-13 11:15 8704 ----a-w- c:\windows\Internet Logs\xDB5B2E.tmp 2010-07-11 21:37 . 2010-07-12 16:48 209920 ----a-w- c:\windows\Internet Logs\xDB8366.tmp 2010-07-11 13:18 . 2010-07-11 13:19 2970624 ----a-w- c:\windows\Internet Logs\xDBA21D.tmp 2010-07-11 11:02 . 2010-07-11 11:45 1748480 ----a-w- c:\windows\Internet Logs\xDB5BFF.tmp 2010-07-11 10:28 . 2009-07-14 08:47 700636 ----a-w- c:\windows\system32\perfh007.dat 2010-07-11 10:28 . 
2009-07-14 08:47 147682 ----a-w- c:\windows\system32\perfc007.dat 2010-07-11 10:13 . 2010-06-04 12:13 -------- d-----w- c:\program files\Sony 2010-07-11 09:58 . 2010-05-21 12:10 -------- d-----w- c:\program files\VstPlugins 2010-07-11 09:56 . 2010-05-21 12:08 -------- d-----w- c:\program files\Image-Line 2010-07-11 09:53 . 2010-04-10 08:55 -------- d-----w- c:\program files\Common Files\InstallShield 2010-07-11 09:53 . 2010-04-10 08:56 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-07-11 09:52 . 2010-05-06 10:45 -------- d-----w- c:\program files\Electronic Arts 2010-07-11 09:52 . 2010-05-06 12:10 -------- d-----w- c:\programdata\Electronic Arts 2010-07-11 08:12 . 2010-05-05 16:13 -------- d-----w- c:\program files\Common Files\Steam 2010-07-09 04:46 . 2010-07-09 16:51 3021824 ----a-w- c:\windows\Internet Logs\xDB3776.tmp 2010-07-08 15:01 . 2010-05-20 18:45 -------- d-----w- c:\users\***\AppData\Roaming\GrabPro 2010-07-08 14:02 . 2010-05-12 20:38 -------- d-----w- c:\users\***\AppData\Roaming\Wormux 2010-07-07 22:55 . 2010-07-08 12:19 1720320 ----a-w- c:\windows\Internet Logs\xDB5E86.tmp 2010-07-07 22:55 . 2010-07-08 12:19 2210304 ----a-w- c:\windows\Internet Logs\xDB53BC.tmp 2010-07-07 16:35 . 2010-04-16 14:46 -------- d-----w- c:\program files\Google 2010-07-06 19:45 . 2010-07-06 19:46 1710080 ----a-w- c:\windows\Internet Logs\xDB93C8.tmp 2010-07-05 19:12 . 2010-07-05 19:17 1702912 ----a-w- c:\windows\Internet Logs\xDBBE9F.tmp 2010-07-04 07:29 . 2010-07-04 07:37 569344 ----a-w- c:\windows\Internet Logs\xDBA3D1.tmp 2010-07-01 16:37 . 2010-04-20 20:57 -------- d-----w- c:\users\***\AppData\Roaming\gtk-2.0 2010-06-28 22:16 . 2010-06-29 07:13 1668608 ----a-w- c:\windows\Internet Logs\xDBD1D.tmp 2010-06-28 22:16 . 2010-06-29 07:13 3042304 ----a-w- c:\windows\Internet Logs\xDBF0F4.tmp 2010-06-28 18:44 . 2010-05-26 18:36 -------- d-----w- c:\program files\Cheat Engine 2010-06-26 01:01 . 
2010-06-04 12:10 -------- d-----w- c:\program files\Microsoft.NET 2010-06-24 18:09 . 2010-06-24 18:08 422437 ---ha-w- c:\windows\system32\drivers\vsconfig.xml 2010-06-24 18:08 . 2010-06-24 18:08 -------- d-----w- c:\program files\CheckPoint 2010-06-24 18:08 . 2010-06-24 18:08 -------- d-----w- c:\program files\Zone Labs 2010-06-23 15:37 . 2010-05-17 17:04 -------- d-----w- c:\program files\TeamSpeak 3 Client 2010-06-23 14:06 . 2010-04-18 19:05 -------- d-----w- c:\program files\LG Electronics 2010-06-20 11:10 . 2010-06-09 16:28 -------- d-----w- c:\program files\iTunes 2010-06-20 11:09 . 2010-03-26 22:52 -------- d-----w- c:\program files\Common Files\Apple 2010-06-19 12:52 . 2010-04-10 11:13 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-06-19 09:50 . 2010-03-26 22:54 63768 ----a-w- c:\users\***\AppData\Local\GDIPFONTCACHEV1.DAT 2010-06-15 14:25 . 2010-04-13 17:33 -------- d-----w- c:\programdata\DivX 2010-06-15 14:25 . 2010-04-13 17:46 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll 2010-06-15 13:50 . 2010-04-13 17:33 -------- d-----w- c:\program files\DivX 2010-06-15 13:50 . 2010-04-13 17:37 -------- d-----w- c:\program files\Common Files\PX Storage Engine 2010-06-15 13:46 . 2010-04-13 17:37 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll 2010-06-15 13:46 . 2010-04-13 17:37 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe 2010-06-14 14:58 . 2010-05-01 09:34 -------- d-----w- c:\program files\Safari 2010-06-14 14:51 . 2010-06-14 14:51 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe 2010-06-14 12:05 . 2010-06-14 12:05 29248 ----a-w- c:\windows\system32\drivers\connctfy.sys 2010-06-10 15:25 . 2010-04-10 15:41 -------- d-----w- c:\program files\ICQ7.0 2010-06-09 16:27 . 2010-06-09 16:27 -------- d-----w- c:\program files\Apple Software Update 2010-06-08 17:20 . 
2010-06-08 17:05 -------- d-----w- c:\program files\Cheatbook Database 2010 2010-06-06 19:42 . 2010-06-06 19:42 -------- d-----w- c:\program files\Alcohol Soft 2010-06-06 11:39 . 2010-04-16 17:47 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-06 11:28 . 2010-06-06 11:28 722416 ----a-w- c:\windows\system32\drivers\sptd.sys 2010-06-06 01:01 . 2010-06-04 12:09 -------- d-----w- c:\program files\Microsoft SQL Server 2010-06-04 12:33 . 2010-06-04 12:33 -------- d-----w- c:\users\***\AppData\Roaming\Publish Providers 2010-06-04 12:33 . 2010-06-04 12:13 -------- d-----w- c:\users\***\AppData\Roaming\Sony 2010-06-04 12:29 . 2010-06-04 12:13 -------- d-----w- c:\programdata\Sony 2010-06-04 12:09 . 2010-06-04 12:09 -------- d-----w- c:\program files\Sony Setup 2010-06-03 21:35 . 2010-06-03 21:31 -------- d-----w- c:\users\***\AppData\Roaming\Wi-Fi Sync 2010-06-03 19:48 . 2010-06-03 19:48 -------- d-----w- c:\users\***\AppData\Roaming\Blumentals 2010-06-03 09:32 . 2010-05-15 23:00 81920 ----a-w- c:\programdata\NexonEU\NGM\npNxGameeu.dll 2010-06-03 09:32 . 2010-05-15 23:00 98304 ----a-w- c:\programdata\NexonEU\NGM\nxgameeu.dll 2010-06-03 09:32 . 2010-05-15 23:00 532480 ----a-w- c:\programdata\NexonEU\NGM\NGMDll.dll 2010-06-03 09:32 . 2010-05-15 23:00 331776 ----a-w- c:\programdata\NexonEU\NGM\NGMResource.dll 2010-06-03 09:32 . 2010-05-15 23:00 258352 ----a-w- c:\programdata\NexonEU\NGM\unicows.dll 2010-06-03 09:32 . 2010-05-15 23:00 155648 ----a-w- c:\programdata\NexonEU\NGM\NGM.exe 2010-06-02 15:02 . 2010-06-02 15:02 -------- d-----w- c:\users\***\AppData\Roaming\dvdcss 2010-06-02 12:26 . 2010-06-02 12:26 -------- d-----w- c:\program files\TuneUp Utilities 2010 2010-06-02 12:26 . 2010-06-02 12:26 -------- d-----w- c:\users\***\AppData\Roaming\TuneUp Software 2010-06-02 12:26 . 2010-06-02 12:25 -------- d-----w- c:\programdata\TuneUp Software 2010-06-02 12:25 . 
2010-06-02 12:25 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-06-02 12:15 . 2010-06-02 12:15 -------- d-----w- c:\program files\ClearProg 2010-06-02 11:26 . 2010-06-02 11:26 -------- d-----w- c:\users\***\AppData\Roaming\Bump Technologies, Inc 2010-06-02 11:25 . 2010-06-02 11:25 -------- d-----w- c:\program files\BumpTop 2010-06-01 17:16 . 2010-04-11 10:01 -------- d-----w- c:\program files\Common Files\Java 2010-06-01 17:15 . 2010-06-01 17:15 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-01 17:15 . 2010-04-11 10:01 -------- d-----w- c:\program files\Java 2010-05-30 10:03 . 2010-05-30 10:03 -------- d-----w- c:\programdata\Media Center Programs 2010-05-30 09:48 . 2010-05-30 09:48 -------- d-----w- c:\program files\THQ 2010-05-30 09:45 . 2010-05-30 09:45 -------- d-----w- c:\users\***\AppData\Roaming\InstallShield 2010-05-28 20:55 . 2010-05-28 20:55 -------- d-----w- c:\program files\Nokia 2010-05-27 07:24 . 2010-06-10 20:31 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49 . 2010-06-10 20:31 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-24 19:49 . 2010-05-24 19:49 -------- d-----w- c:\program files\Activision 2010-05-21 13:04 . 2010-05-21 13:04 -------- d-----w- c:\users\***\AppData\Roaming\Hardcore 2010-05-21 12:14 . 2010-03-26 22:47 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-21 12:13 . 2010-05-21 12:13 -------- d-----w- c:\users\***\AppData\Roaming\SynthMaker 2010-05-21 12:11 . 2010-05-21 12:11 -------- d-----w- c:\program files\ASIO4ALL v2 2010-05-21 12:10 . 2010-05-21 12:10 -------- d-----w- c:\program files\Outsim 2010-05-21 05:18 . 2010-06-10 20:31 977920 ----a-w- c:\windows\system32\wininet.dll 2010-05-20 18:45 . 2010-05-20 18:44 -------- d-----w- c:\program files\Orbitdownloader 2010-05-20 18:40 . 2010-05-20 18:40 -------- d-----w- c:\program files\Codemasters 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 
2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Connectify"="c:\program files\Connectify\Connectify.exe" [2010-06-14 1121792] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168] "Free Hide IP"="c:\program files\FreeHideIP\FreeHideIP.exe" [2010-04-27 2501872] "Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird.exe" [2010-06-19 11959472] "iTunes"="c:\program files\iTunes\iTunes.exe" [2010-06-15 10358072] "Steam"="c:\program files\Steam\Steam.exe" [2010-07-10 1242448] "ICQ"="c:\program files\ICQ7.0\ICQ.exe" [2010-06-08 133368] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792] "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-12-04 1037192] "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-27 730480] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760] c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Greenshot.lnk - c:\program files\Greenshot\Greenshot.exe [2010-4-24 528384] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ BumpTop.lnk - c:\program 
files\BumpTop\BumpTop.exe [2010-6-2 7162184] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /r \??\M:\0autocheck autochk * [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount "SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" "Free Hide IP"=c:\program files\FreeHideIP\FreeHideIP.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" "AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 136176] R3 connctfy;Connectify Service;c:\windows\system32\DRIVERS\connctfy.sys [2010-06-14 29248] R3 KMWDFILTERx86;HIDServiceDesc;c:\windows\system32\DRIVERS\KMWDFILTER.sys [2009-04-29 25088] R3 MSSQL$SONY_MEDIAMGR2;SQL Server (SONY_MEDIAMGR2);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2009-05-27 29262680] R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-06-06 722416] S1 vwififlt;Virtual WiFi Filter 
Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336] S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-27 25208] S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2009-10-27 476528] S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-05-07 1051976] S2 Tweak7SystemService;Tweak7SystemService;c:\windows\system32\Tweak7SystemService.exe [2010-05-08 91816] S3 connctfyMP;connctfyMP;c:\windows\system32\DRIVERS\connctfy.sys [2010-06-14 29248] S3 KMWDFilter1X;KM DRIVER;c:\windows\system32\DRIVERS\RP24GV1.sys [2009-10-28 16896] S3 netr28u;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-07-13 657408] S3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2009-07-13 1311232] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2010-02-25 10064] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners 2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 16:27] 2010-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-07-07 16:27] 2010-07-13 c:\windows\Tasks\Norton Security Scan for ***.job - c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-15 16:47] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://search.orbitdownloader.com uInternet Settings,ProxyServer = http=;ftp=;https=; IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm IE: Free YouTube to Mp3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d8rk64kd.default\ FF - prefs.js: browser.startup.homepage - hxxp://search.orbitdownloader.com FF - prefs.js: network.proxy.type - 0 FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d8rk64kd.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\FFExternalAlert.dll FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d8rk64kd.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}\components\RadioWMPCore.dll FF - component: c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d8rk64kd.default\extensions\fx4options@skorek.com\components\dwmxpcom.dll FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\Mozilla 
Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: c:\programdata\NexonEU\NGM\npNxGameeu.dll FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll ---- FIREFOX Richtlinien ---- FF - user.js: network.http.max-connections-per-server - 6 FF - user.js: network.http.max-persistent-connections-per-server - 3 FF - user.js: browser.xul.error_pages.enabled - false FF - user.js: browser.urlbar.autoFill - true FF - user.js: network.http.pipelining - true FF - user.js: network.http.proxy.pipelining - true FF - user.js: network.http.pipelining.ssl - true FF - user.js: network.http.pipelining.maxrequests - 8 . . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'lsass.exe'(624) c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll . 
Zeit der Fertigstellung: 2010-07-14 17:35:32 ComboFix-quarantined-files.txt 2010-07-14 15:35 ComboFix2.txt 2010-07-14 15:22 Vor Suchlauf: 38 Verzeichnis(se), 174.489.587.712 Bytes frei Nach Suchlauf: 39 Verzeichnis(se), 174.236.012.544 Bytes frei - - End Of File - - 6E7E579D8AAE158FBAB64DE48F70A076
__________________ Windows 7 Home Premium 32-Bit Original |
14.07.2010, 18:44 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | PC very slow, tasks cannot be ended and the Internet is acting up
Looks OK. Have you still not uninstalled ZoneAlarm?? Please do that, then we can continue.
__________________ Please always post log files in CODE tags |
15.07.2010, 12:34 | #15 |
| PC very slow, tasks cannot be ended and the Internet is acting up
I uninstalled ZA, but now I no longer have an Internet connection because there is an error with the network adapter. No idea what is going on, but at the moment I am online with another PC that runs over the same network. What did I do wrong, or how do I use the ComboFix recovery console?
__________________ Windows 7 Home Premium 32-Bit Original |