Log analysis and evaluation: Lags with trivial things, check logfile
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
18.12.2010, 13:01 | #1 |
Lags with trivial things, check logfile

Hello, for some time now my PC has had performance problems that are definitely not normal. They show up during the most trivial things, such as opening several tabs in the browser or playing games that are not really demanding (e.g. Counterstrike 1.6). It would be nice if someone could check my file and/or give me a few tips on what else I can do.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:34, on 18.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\FNi\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\FNi\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~2\SEARCH~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RssReader] C:\Users\FNi\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe /Autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75AD296B-0990-41E5-BC0F-03779B81B7D4}: NameServer = 192.168.0.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E444FE6-C9F9-476C-8BF7-CB953FF2897D}: NameServer = 192.168.0.5
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10068 bytes
20.12.2010, 10:50 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™
Lags with trivial things, check logfile

Hello and

Please routinely run a full scan with Malwarebytes and post the log. Remember that Malwarebytes must be updated manually before every scan! If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL
Please download OTL by Oldtimer and save it to your desktop
20.12.2010, 14:19 | #3 |
Lags with trivial things, check logfile

Malwarebytes Log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5360

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.12.2010 12:21:11
mbam-log-2010-12-20 (12-21-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165746
Laufzeit: 2 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL Log 1:
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 20.12.2010 13:51:00 - Run 1 OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\XXX\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 46,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 70,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 146,69 Gb Total Space | 64,09 Gb Free Space | 43,69% Space Free | Partition Type: NTFS Drive E: | 68,36 Gb Total Space | 11,30 Gb Free Space | 16,53% Space Free | Partition Type: NTFS Drive F: | 68,36 Gb Total Space | 0,02 Gb Free Space | 0,03% Space Free | Partition Type: NTFS Computer Name: XXX | User Name: XXX | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - E:\Steam\Steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\QIP 2010\qip.exe (QIP) PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage 
Manager\IAANTmon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Users\XXX\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe (QlikWorld BV) ========== Modules (SafeList) ========== MOD - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\WINDOWS\SysWOW64\normaliz.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation) SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE () SRV:64bit: - (STacSV) -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.) SRV:64bit: - (AMD External Events Utility) -- C:\WINDOWS\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (O2FLASH) -- C:\WINDOWS\SysNative\drivers\o2flash.exe (O2Micro International) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.) 
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation) SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgntflt) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avipbb) -- C:\WINDOWS\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (RTL8167) -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (atksgt) -- C:\WINDOWS\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\WINDOWS\SysNative\drivers\lirsgt.sys () DRV:64bit: - (UsbserFilt) -- C:\WINDOWS\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia) DRV:64bit: - (upperdev) -- C:\WINDOWS\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdcx64) -- C:\WINDOWS\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (nmwcdx64) -- C:\WINDOWS\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (acedrv11) -- C:\WINDOWS\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (sptd) -- C:\WINDOWS\SysNative\drivers\sptd.sys () DRV:64bit: - (sdbus) -- C:\WINDOWS\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (Acceler) -- C:\WINDOWS\SysNative\drivers\Acceler.sys (ST Microelectronics) DRV:64bit: - (BCM42RLY) -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys (Broadcom Corporation) DRV:64bit: - (BCM43XX) -- 
C:\WINDOWS\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\WINDOWS\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (STHDA) -- C:\WINDOWS\SysNative\drivers\stwrt64.sys (IDT, Inc.) DRV:64bit: - (SynTP) -- C:\WINDOWS\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (atikmdag) -- C:\WINDOWS\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (CtClsFlt) -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.) DRV:64bit: - (Ntfs) -- C:\WINDOWS\SysNative\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) 
DRV:64bit: - (iaStor) -- C:\WINDOWS\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (O2MDGRDR) -- C:\WINDOWS\SysNative\drivers\o2mdgx64.sys (O2Micro ) DRV:64bit: - (pccsmcfd) -- C:\WINDOWS\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (DrvAgent64) -- C:\WINDOWS\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies) DRV - (RTCore64) -- C:\Program Files (x86)\RMClock\RTCore64.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2 FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0 FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26 FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.1 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..network.proxy.backup.ftp: 
"127.0.0.1" FF - prefs.js..network.proxy.backup.ftp_port: 9666 FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1" FF - prefs.js..network.proxy.backup.gopher_port: 9666 FF - prefs.js..network.proxy.backup.socks: "127.0.0.1" FF - prefs.js..network.proxy.backup.socks_port: 9666 FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1" FF - prefs.js..network.proxy.backup.ssl_port: 9666 FF - prefs.js..network.proxy.http: "127.0.0.1" FF - prefs.js..network.proxy.http_port: 9666 FF - prefs.js..network.proxy.socks: "localhost" FF - prefs.js..network.proxy.socks_port: 9050 FF - prefs.js..network.proxy.socks_remote_dns: true FF - prefs.js..network.proxy.ssl: "localhost" FF - prefs.js..network.proxy.ssl_port: 9666 FF - prefs.js..network.proxy.type: 0 FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.23 12:07:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.04.12 14:12:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2010.06.27 11:43:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.11 23:39:22 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 19:47:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.11 15:21:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.21 14:26:54 | 
000,000,000 | ---D | M] FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.04.12 14:12:30 | 000,000,000 | ---D | M] [2009.12.31 18:59:50 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions [2009.12.31 18:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.12.20 12:05:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions [2010.02.21 16:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} [2010.03.28 22:39:28 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB} [2010.12.10 19:47:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.09.26 17:57:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions\firefox@tvunetworks.com [2010.10.03 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions\vshare@toolbar [2010.09.10 18:28:10 | 000,001,574 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\FireFox\Profiles\9qjppzno.default\searchplugins\bing.xml [2010.12.20 12:05:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010.10.21 14:00:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll [2010.08.25 01:44:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.08.25 01:44:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml [2010.08.25 01:44:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.08.25 01:44:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.08.25 01:44:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.10.15 17:33:07 | 000,422,541 | R--- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 14567 more lines... O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll () O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll () O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found O4 - HKCU..\Run: [RssReader] C:\Users\XXX\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe (QlikWorld BV) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) 
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\Shell - "" = AutoRun
O33 - MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.12.20 12:16:50 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2010.12.20 12:16:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 12:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.20 12:16:16 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.20 12:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.17 15:18:01 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Rockstar Games
[2010.12.15 17:26:45 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 17:26:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 17:26:45 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 17:26:45 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 17:26:45 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 17:26:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 17:26:45 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 17:26:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 17:26:44 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 17:26:44 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 17:26:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 17:26:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 17:26:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 17:26:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.15 17:26:09 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 17:26:09 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 17:26:09 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 17:26:09 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 17:26:09 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.15 17:26:09 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 17:26:09 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.15 17:26:09 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.15 17:25:59 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 17:25:59 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 17:25:59 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 17:25:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 17:25:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.15 17:25:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.15 17:25:40 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.11 01:23:24 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\ManyCam
[2010.12.11 01:23:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\ManyCam
[2010.12.11 01:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2010.12.06 15:20:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Octoshape
[2010.12.01 17:56:13 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\ArcaniA - Gothic 4
[2010.12.01 17:45:37 | 000,000,000 | ---D | C] -- C:\GAMES
[2010.12.01 17:45:15 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Oblivion
[2010.12.01 17:45:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010.11.25 18:08:41 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Criterion Games
[2010.11.25 18:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.11.25 18:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2010.11.25 17:58:53 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.11.25 17:58:53 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.11.25 17:58:53 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.11.25 17:58:53 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.11.25 17:58:53 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.11.25 17:58:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.11.25 17:58:53 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.11.25 17:58:53 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.11.25 17:58:52 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010.11.25 17:58:52 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.11.25 17:58:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010.11.25 17:58:52 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010.11.25 17:58:51 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010.11.25 17:58:51 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010.11.25 17:58:49 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010.11.25 17:58:49 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010.11.25 17:58:49 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010.11.25 17:58:49 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010.11.25 17:58:48 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010.11.25 17:58:48 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010.11.25 17:58:48 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.11.25 17:58:45 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010.11.25 17:58:45 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.11.25 17:58:42 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010.11.25 17:58:42 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010.11.25 17:58:42 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010.11.25 17:58:42 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010.11.25 17:58:42 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010.11.25 17:58:42 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010.11.25 17:58:42 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010.11.25 17:58:42 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010.11.25 17:58:41 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010.11.25 17:58:41 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010.11.25 17:58:41 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010.11.25 17:58:41 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010.11.25 17:58:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010.11.25 17:58:40 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010.11.25 17:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2010.11.21 14:35:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\PCDr
[2010.07.11 13:06:44 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\csnpstd.dll
[2010.07.11 13:06:44 | 000,040,960 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd.dll
[2010.07.11 13:06:44 | 000,036,864 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd.dll
[2010.01.05 00:03:16 | 008,653,312 | ---- | C] (Dell, Inc. ) -- C:\Users\XXX\AppData\Roaming\DataSafeDotNet.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.12.20 13:46:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.20 12:16:21 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.20 11:10:12 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.20 11:10:12 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.20 11:04:21 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.20 11:02:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.20 11:02:31 | 3217,264,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.18 12:28:08 | 000,007,628 | ---- | M] () -- C:\Users\XXX\AppData\Local\resmon.resmoncfg
[2010.12.17 15:06:22 | 001,480,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.17 15:06:22 | 000,647,366 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.17 15:06:22 | 000,610,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.17 15:06:22 | 000,127,412 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.17 15:06:22 | 000,104,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.16 13:49:12 | 000,400,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.12 21:10:20 | 000,057,344 | ---- | M] () -- C:\Users\XXX\Desktop\Abizeitung 2011_Vorlage Schülerprofil.doc
[2010.12.12 15:47:40 | 000,003,562 | ---- | M] () -- C:\Users\XXX\Desktop\cc_20101212_154735.reg
[2010.12.11 01:23:26 | 000,001,053 | ---- | M] () -- C:\Users\XXX\Desktop\ManyCam.lnk
[2010.12.07 22:20:43 | 000,010,132 | ---- | M] () -- C:\Users\XXX\Desktop\img054.gif
[2010.12.04 13:24:18 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2010.12.03 18:29:35 | 000,481,110 | ---- | M] () -- C:\Users\XXX\Desktop\Foto0242.jpg
[2010.12.02 20:58:27 | 000,074,852 | ---- | M] () -- C:\Users\XXX\Desktop\Unbenannt.jpg
[2010.12.01 17:51:26 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.27 12:55:35 | 000,030,208 | ---- | M] () -- C:\Users\XXX\Desktop\suicide.doc
[2010.11.22 16:54:58 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.21 21:41:47 | 000,008,519 | ---- | M] () -- C:\Users\XXX\Desktop\123.png
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.12.20 12:16:21 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.12 15:47:37 | 000,003,562 | ---- | C] () -- C:\Users\XXX\Desktop\cc_20101212_154735.reg
[2010.12.11 01:23:26 | 000,001,053 | ---- | C] () -- C:\Users\XXX\Desktop\ManyCam.lnk
[2010.12.07 22:20:42 | 000,010,132 | ---- | C] () -- C:\Users\XXX\Desktop\img054.gif
[2010.12.04 13:22:47 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.12.03 18:29:34 | 000,481,110 | ---- | C] () -- C:\Users\XXX\Desktop\Foto0242.jpg
[2010.12.02 20:58:27 | 000,074,852 | ---- | C] () -- C:\Users\XXX\Desktop\Unbenannt.jpg
[2010.12.01 17:51:26 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2010.11.27 12:38:43 | 000,030,208 | ---- | C] () -- C:\Users\XXX\Desktop\suicide.doc
[2010.11.24 19:25:26 | 000,057,344 | ---- | C] () -- C:\Users\XXX\Desktop\Abizeitung 2011_Vorlage Schülerprofil.doc
[2010.11.21 21:40:25 | 000,008,519 | ---- | C] () -- C:\Users\XXX\Desktop\123.png
[2010.07.11 13:06:52 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dsnpstd.dll
[2010.07.11 13:06:52 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
[2010.07.11 13:06:46 | 000,301,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\snpstd.sys
[2010.04.21 15:17:28 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.12 14:13:56 | 000,005,120 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.02 18:31:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.22 20:57:05 | 000,000,048 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.02.22 20:11:59 | 000,025,600 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db
[2010.02.10 15:35:11 | 000,007,628 | ---- | C] () -- C:\Users\XXX\AppData\Local\resmon.resmoncfg
[2010.01.10 12:25:23 | 000,002,458 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\wklnhst.dat
[2010.01.02 13:08:49 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2010.01.01 23:55:36 | 000,001,050 | ---- | C] () -- C:\Users\XXX\AppData\Local\yuvtools3.ini
[2010.01.01 23:55:36 | 000,000,255 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\yuv_file_history3.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

< End of report >

Log 2 (Extras):
OTL Logfile:
OTL Extras logfile created on: 20.12.2010 13:51:00 - Run 1
OTL by OldTimer - Version 3.2.17.4 Folder = C:\Users\XXX\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 46,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,69 Gb Total Space | 64,09 Gb Free Space | 43,69% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 11,30 Gb Free Space | 16,53% Space Free | Partition Type: NTFS
Drive F: | 68,36 Gb Total Space | 0,02 Gb Free Space | 0,03% Space Free | Partition Type: NTFS

Computer Name: XXXMOBIL | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE}" = Eraser 6.0.7.1893
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem (06/01/2009 7.01.0.4)
"CCleaner" = CCleaner
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"DriverAgent.exe" = DriverAgent by eSupport.com
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{071F3745-E389-4345-86DF-E80B55446FCE}" = FC Bayern München - NewsBox
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{1ACF68E6-888C-4182-89F7-C10F8C8F3026}" = Sitecom USB EasyCam VP-001
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4186FEBC-F0CC-4185-A406-24292BC9877A}" = Nokia Software Updater
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{47A0A80F-8DC0-43EB-B9B4-36FD86979DF7}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81B2907E-0F93-4217-8840-A217EF59A244}" = PC Connectivity Solution
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{8E4220D2-A4F2-404D-9A36-C89551F1783B}_is1" = Mafia II (With Shitty Crack)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{d06a1cff-acf5-4d4e-a996-68df4a7bae98}" = Nero 9 Lite
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"30_is1" = Speed Limiter
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Premium
"AVS Disc Creator_is1" = AVS Disc Creator version 3.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVSCoverEditor_AVS4YOU_is1" = AVS Cover Editor 1.3.1.96 (AVS4YOU)
"CloneDVDmobile" = CloneDVDmobile
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.5.6
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX-Setup
"DynaGeo_is1" = DynaGeo 3.5b
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Fallout New Vegas_is1" = Fallout New Vegas
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GeoGebra" = GeoGebra
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.6.25 (remove only)
"Medal Of Honor 2010.Limited Edition_is1" = Medal Of Honor 2010.Limited Edition
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"Pontifex Demo" = Pontifex Demo
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"rfnet MoBaVer_is1" = rfnet MoBaVer 0.50.006
"SopCast" = SopCast 3.2.4
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Steam App 260" = Counter-Strike: Source Beta
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.3
"WildTangent dell Master Uninstall" = WildTangent-Spiele
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"YUV Player Deluxe" = YUV Player Deluxe
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"22abf9dde03b3b37" = Seesmic for Windows
"Octoshape Streaming Services" = Octoshape Streaming Services
"QIP 2010" = QIP 2010 10.10.11.4237
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
"WinBubble" = WinBubble

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11.12.2010 07:04:06 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. .
Error - 11.12.2010 07:04:11 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.12.2010 08:35:29 | Computer Name = XXXMobil | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 13cc Startzeit: 01cb99235592df12 Endzeit: 34 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 1dd7df69-0523-11e0-9a26-0026b99bdba6 Error - 11.12.2010 12:45:10 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.12.2010 06:24:53 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 12.12.2010 06:24:53 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.12.2010 06:25:03 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.12.2010 10:27:51 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.12.2010 10:27:51 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 12.12.2010 10:28:01 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ Broadcom Wireless LAN Events ] Error - 12.12.2010 10:28:05 | Computer Name = XXXMobil | Source = WLAN-Tray | ID = 0 Description = 15:28:05, Sun, Dec 12, 10 Error - Unable to gain access to user store [ Dell Events ] Error - 07.01.2010 07:02:04 | Computer Name = XXXMobil | Source = DataSafe | ID = 3 Description = Fehlgeschlagen oder abgebrochen Error - 07.01.2010 07:02:04 | Computer Name = XXXMobil | Source = DataSafe | ID = 3 Description = Fehlgeschlagen oder abgebrochen Error - 07.01.2010 07:22:09 | Computer Name = XXXMobil | Source = DataSafe | ID = 3 Description = Fehlgeschlagen oder abgebrochen Error - 07.01.2010 07:22:09 | Computer Name = XXXMobil | Source = DataSafe | ID = 3 Description = Fehlgeschlagen oder abgebrochen Error - 07.01.2010 07:22:25 | Computer Name = XXXMobil | Source = DataSafe | ID = 3 Description = Fehlgeschlagen oder abgebrochen Error - 29.09.2010 12:23:04 | Computer Name = XXXMobil | Source = DataSafe | ID = 17 Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte. [ Media Center Events ] Error - 26.01.2010 08:43:10 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0 Description = 13:43:10 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die Verbindung mit dem Remoteserver kann nicht hergestellt werden.) Error - 30.06.2010 08:06:10 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0 Description = 14:06:10 - Fehler beim Herstellen der Internetverbindung. 14:06:10 - Serververbindung konnte nicht hergestellt werden.. 
Error - 30.06.2010 08:06:21 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0 Description = 14:06:15 - Fehler beim Herstellen der Internetverbindung. 14:06:15 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2010 09:11:27 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0 Description = 15:11:27 - Fehler beim Herstellen der Internetverbindung. 15:11:27 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2010 09:11:59 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0 Description = 15:11:56 - Fehler beim Herstellen der Internetverbindung. 15:11:56 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2010 10:12:34 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0 Description = 16:12:34 - Fehler beim Herstellen der Internetverbindung. 16:12:34 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2010 10:13:06 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0 Description = 16:13:03 - Fehler beim Herstellen der Internetverbindung. 16:13:03 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2010 11:13:39 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0 Description = 17:13:39 - Fehler beim Herstellen der Internetverbindung. 17:13:39 - Serververbindung konnte nicht hergestellt werden.. Error - 30.06.2010 11:14:11 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0 Description = 17:14:09 - Fehler beim Herstellen der Internetverbindung. 17:14:09 - Serververbindung konnte nicht hergestellt werden.. [ System Events ] Error - 18.12.2010 07:29:33 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. 
Error - 18.12.2010 07:30:25 | Computer Name = XXXMobil | Source = DCOM | ID = 10016 Description = Error - 18.12.2010 07:49:21 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error - 18.12.2010 07:50:41 | Computer Name = XXXMobil | Source = DCOM | ID = 10016 Description = Error - 18.12.2010 16:54:39 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht. Error - 19.12.2010 06:39:00 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error - 19.12.2010 10:00:46 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. Error - 19.12.2010 10:24:57 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7011 Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst IPBusEnum erreicht. Error - 19.12.2010 15:20:31 | Computer Name = XXXMobil | Source = ACPI | ID = 327693 Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft. Error - 20.12.2010 06:03:00 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem Fehler beendet: %%1. 
< End of report > Thanks |
20.12.2010, 14:47 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Lags during trivial tasks, check logfile Quote:
__________________ Please always post logfiles in CODE tags |
20.12.2010, 15:58 | #5 |
| Lags during trivial tasks, check logfile
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Datenbank Version: 5360
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
20.12.2010 15:56:59
mbam-log-2010-12-20 (15-56-59).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 400660
Laufzeit: 45 Minute(n), 35 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien: (Keine bösartigen Objekte gefunden)
Sorry |
20.12.2010, 19:57 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Lags during trivial tasks, check logfile Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
O4 - HKCU..\Run: [] File not found
O33 - MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\Shell - "" = AutoRun
O33 - MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
[2010.11.21 14:35:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\PCDr
:Commands
[purity]
[resethosts]
[emptytemp]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ --> Lags during trivial tasks, check logfile |
20.12.2010, 22:37 | #7 |
| Lags during trivial tasks, check logfile
All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ftp
Prefs.js: 9666 removed from network.proxy.backup.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.gopher
Prefs.js: 9666 removed from network.proxy.backup.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.socks
Prefs.js: 9666 removed from network.proxy.backup.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ssl
Prefs.js: 9666 removed from network.proxy.backup.ssl_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a750306b-043b-11df-85b9-0026b99bdba6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a750306b-043b-11df-85b9-0026b99bdba6}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe not found.
Folder C:\Users\XXX\AppData\Roaming\PCDr\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: XXX1
->Temp folder emptied: 4026168 bytes
->Temporary Internet Files folder emptied: 14763380 bytes
->Java cache emptied: 36547997 bytes
->FireFox cache emptied: 110856735 bytes
->Flash cache emptied: 17981 bytes
User: XXX2
->Temp folder emptied: 149662 bytes
->Temporary Internet Files folder emptied: 20661880 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53061381 bytes
->Flash cache emptied: 643 bytes
User: XXX3
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2484210 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 233,00 mb
OTL by OldTimer - Version 3.2.17.4 log created on 12202010_223144
Files\Folders moved on Reboot...
C:\Users\XXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot... |
20.12.2010, 22:59 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Lags during trivial tasks, check logfile Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it!
__________________ Please always post logfiles in CODE tags |
21.12.2010, 11:16 | #9 |
| Lags during trivial tasks, check logfile Combofix Logfile: Code:
ATTFilter ComboFix 10-12-20.02 - XXX 21.12.2010 11:06:45.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.4091.2931 [GMT 1:00] ausgeführt von:: c:\users\XXX\Desktop\cofi.exe AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Install.exe c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbhelper.dll c:\programdata\Microsoft\Network\Downloader\qmgr0.dat c:\programdata\Microsoft\Network\Downloader\qmgr1.dat ----- BITS: Eventuell infizierte Webseiten ----- hxxp://apnmedia.ask.com . ((((((((((((((((((((((( Dateien erstellt von 2010-11-21 bis 2010-12-21 )))))))))))))))))))))))))))))) . 2010-12-21 09:14 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{03B5384D-04F0-4C2E-A896-767C59892277}\mpengine.dll 2010-12-20 21:31 . 2010-12-20 21:31 -------- d-----w- C:\_OTL 2010-12-20 11:16 . 2010-12-20 11:16 -------- d-----w- c:\users\XXX\AppData\Roaming\Malwarebytes 2010-12-20 11:16 . 2010-11-29 16:42 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys 2010-12-20 11:16 . 2010-12-20 11:16 -------- d-----w- c:\programdata\Malwarebytes 2010-12-20 11:16 . 2010-12-20 11:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2010-12-20 11:16 . 2010-11-29 16:42 24152 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-17 14:18 . 2010-12-17 14:18 -------- d-----w- c:\users\XXX\AppData\Local\Rockstar Games 2010-12-15 16:25 . 2010-10-20 05:20 46080 ----a-w- c:\windows\system32\atmlib.dll 2010-12-15 16:25 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2010-12-15 16:25 . 2010-10-20 03:05 367104 ----a-w- c:\windows\system32\atmfd.dll 2010-12-15 16:25 . 
2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll 2010-12-15 16:25 . 2010-10-20 03:09 3124224 ----a-w- c:\windows\system32\win32k.sys 2010-12-15 16:25 . 2010-10-16 05:19 395776 ----a-w- c:\windows\system32\webio.dll 2010-12-15 16:25 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll 2010-12-15 16:25 . 2010-10-12 05:05 35328 ----a-w- c:\program files\Windows Mail\wabfind.dll 2010-12-15 16:25 . 2010-10-12 05:00 516096 ----a-w- c:\program files\Windows Mail\wab.exe 2010-12-15 16:25 . 2010-10-12 04:25 516096 ----a-w- c:\program files (x86)\Windows Mail\wab.exe 2010-12-15 16:25 . 2010-10-16 05:23 112000 ----a-w- c:\windows\system32\consent.exe 2010-12-11 00:23 . 2010-12-11 00:23 -------- d-----w- c:\users\XXX\AppData\Roaming\ManyCam 2010-12-11 00:23 . 2010-12-11 00:23 -------- d-----w- c:\users\XXX\AppData\Local\ManyCam 2010-12-11 00:23 . 2010-12-11 00:23 -------- d-----w- c:\program files (x86)\ManyCam 2010-12-06 14:20 . 2010-12-06 14:20 -------- d-----w- c:\users\XXX\AppData\Local\Octoshape 2010-12-01 16:45 . 2010-12-17 14:19 -------- d-----w- C:\GAMES 2010-12-01 16:45 . 2010-12-01 16:54 -------- d-----w- c:\users\XXX\AppData\Local\Oblivion 2010-11-25 17:08 . 2010-11-25 17:08 -------- d-----w- c:\programdata\Electronic Arts 2010-11-25 17:08 . 2010-11-25 17:08 -------- d-----w- c:\programdata\EA Core 2010-11-25 16:49 . 2010-11-25 19:05 -------- d-----w- c:\programdata\Solidshield 2010-11-21 13:35 . 2010-11-21 13:35 -------- d-----w- c:\users\XXX\AppData\Roaming\PCDr . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-11-22 15:54 . 2010-01-29 17:07 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2010-10-19 09:41 . 2010-01-01 13:17 270720 ------w- c:\windows\system32\MpSigStub.exe 2010-10-01 18:15 . 2010-10-01 18:15 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}] 2010-06-27 10:43 2447360 ----a-w- c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}] [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768] c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000] c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer"=wdmaud.drv R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-06-03 21712] R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 342320] R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088] R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456] R3 
RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2008-09-08 14352] R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264] R4 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624] R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336] R4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-11-02 403624] R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 136176] R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280] R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368] R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472] R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe [2010-06-27 300656] S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-02 834544] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616] S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-22 69152] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 
WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040] . Inhalt des "geplante Tasks" Ordners 2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 16:23] 2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 16:23] . --------- x86-64 ----------- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416] "Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960] "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = local IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000 TCP: {75AD296B-0990-41E5-BC0F-03779B81B7D4} = 192.168.0.5 TCP: {7E444FE6-C9F9-476C-8BF7-CB953FF2897D} = 192.168.0.5 FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\9qjppzno.default\ FF - prefs.js: browser.startup.homepage - www.google.de FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files (x86)\SpeedBit Video Downloader\SPFireFox FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: UltraSurf Firefox Tool: {5B52016C-D097-4aec-BE61-9F129D8FDDBA} - %profile%\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA} FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB} FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar FF - user.js: yahoo.homepage.dontask - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-Locked - (no file) SafeBoot-mcmscsvc SafeBoot-MCODS Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-4098244174-1042992831-1247179864-1000\Software\SecuROM\License information*] "datasecu"=hex:39,b0,56,57,69,9f,38,14,ce,df,0a,a9,51,48,7c,8e,d9,b9,c3,c2,2b, 90,2c,3a,3e,65,18,c7,86,8e,6a,b2,85,be,c9,92,c0,ba,b2,ef,cb,b8,8d,2b,7a,a8,\ "rkeysecu"=hex:72,41,1d,62,f5,4b,8c,aa,9d,0f,49,9d,85,52,ce,5d [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2010-12-21 11:12:45 ComboFix-quarantined-files.txt 2010-12-21 10:12 Vor Suchlauf: 18 Verzeichnis(se), 68.941.467.648 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 68.806.909.952 Bytes frei - - End Of File - - 84F84D1A1C6317C02655C7F171399306 |
21.12.2010, 11:45 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please download MBRCheck (by a_d_13) and save the file to your desktop.
__________________ Please always post logfiles in CODE tags |
21.12.2010, 11:51 | #11 |
| MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1745
Logical Drives Mask: 0x0000007c
Kernel Drivers (total 195):
Processes (total 52):
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000028`58200000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000039`6f000000 (NTFS)
PhysicalDrive0 Model Number: ST9320423AS, Rev: 0004SDM1
Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done! |
21.12.2010, 11:52 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post logfiles in CODE tags |
21.12.2010, 16:49 | #13 |
| Malwarebytes Log:
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org
Datenbank Version: 5360
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
21.12.2010 12:30:20
mbam-log-2010-12-21 (12-30-20).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 400431
Laufzeit: 34 Minute(n), 4 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
SuperAntiSpyware Log:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 12/21/2010 at 04:44 PM
Application Version : 4.47.1000
Core Rules Database Version : 6045
Trace Rules Database Version: 3857
Scan type : Complete Scan
Total Scan Time : 01:42:57
Memory items scanned : 620
Memory threats detected : 0
Registry items scanned : 15016
Registry threats detected : 4
File items scanned : 239809
File threats detected : 2
Browser Hijacker.Deskbar
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
Trojan.Agent/Gen-FraudLoad
C:\GAMES\GTA\PC\GLOBE CONVERTER.EXE
Adware.HBHelper
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES (X86)\SPEEDBIT VIDEO DOWNLOADER\TOOLBAR\TBHELPER.DLL.VIR
Took a bit longer, had to enjoy the snow :-D Thanks |
21.12.2010, 22:21 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Looks OK, only cookies and leftovers were found there. Any remaining problems or further detections in the meantime?
__________________ Please always post logfiles in CODE tags |
21.12.2010, 22:28 | #15 |
| No, so far it's running well; I haven't been able to notice any blatant FPS drops (so far). Thanks again, this board is a good thing; if I ever have a problem again, I'll get in touch here |