| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: laptop arbeitet plötzlich mit extremen VerzögerungenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.10.2011, 21:38
| #1 |
 |  laptop arbeitet plötzlich mit extremen Verzögerungen hallo zusammen, Mein Laptop (Acer Aspire 8935G) macht seit 2 Tagen Probleme. Beim hochfahren z.b bleibt er nachdem antivir Bild hängen,oder aber auch zu einem früheren oder späteren Zeitpunkt beim Laden der Autostart Leiste. Wenn ich es dann (nach mehreren Versuchen)doch geschafft habe in Windows zu landen (Vista 23bit),ist er extrem Leistungsschwach.Für die einfachsten Internetseiten braucht er zu lange Ladezeiten. Am deutlichsten wird diese schwäche allerdings beim spielen von Spielen. Unregelmässige Laags,die klar meinem Laptop zuzuorden sind,obwohl Ping und fps ok sind ! Bisher habe ich Antivir und Malware laufen lassen.Antivir ohne Fund,Malware waren eher 1-2 unbedeutenderere Funde,die ich sofort gelöscht habe. Festplatte defragmentiert und bereinigt,ausserdem auf Fehler überprüft. Graka treiber aktuallisiert. Ausserdem bin ich alle Punkte aus dem Thread "...wird immer langsamer,was tun" ausgeführt...(also alle Autpstarts deaktiviert,usw.) Das Problem besteht weiterhin. Ich weiss keine Lösungsansätze mehr :/ Mein Stystem: Intel Quad 2ghz 4 gb Ram Radeon hd4xxx Würde mich riesig freuen,wenn ich hier mehr Anstätze bekomme um mein Problem ohne formatiereung zu lösen OTL Logfile: Code:
ATTFilter OTL logfile created on: 17.10.2011 23:10:29 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fideler Annette\Downloads Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.19120) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,90 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 44,86% Memory free 8,68 Gb Paging File | 6,84 Gb Available in Paging File | 78,77% Paging File free Paging file location(s): c:\pagefile.sys 6000 6000 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 450,30 Gb Total Space | 292,21 Gb Free Space | 64,89% Space Free | Partition Type: NTFS Computer Name: ANNETTE-PC | User Name: Fideler Annette | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011.10.17 02:57:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fideler Annette\Downloads\OTL.exe PRC - [2011.08.31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.07.05 21:31:50 | 001,708,544 | ---- | M] (Curse) -- C:\Users\Fideler Annette\AppData\Local\Apps\2.0\CLMOK0V0.NPN\4VO9WREL.7HM\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\CurseClient.exe PRC - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe PRC - [2011.02.18 17:28:38 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe PRC - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.15 16:18:00 | 000,707,104 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe PRC - [2009.04.15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe PRC - [2009.04.15 16:17:56 | 000,453,152 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe PRC - [2009.04.14 17:48:50 | 000,075,048 | ---- | M] () -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe PRC - [2009.04.13 12:48:00 | 003,441,152 | ---- | M] (Egis Technology Inc.) -- C:\Programme\Acer Bio Protection\BASVC.exe PRC - [2009.04.13 12:47:52 | 003,351,040 | ---- | M] (Egis Technology Inc.) -- C:\Programme\Acer Bio Protection\CompPtcVUI.exe PRC - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe PRC - [2009.03.05 09:42:42 | 000,805,384 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe PRC - [2009.03.01 23:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe PRC - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.02.11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer VCM\RS_Service.exe PRC - [2008.10.27 12:05:28 | 000,306,736 | ---- | M] (EgisTec Inc.) -- C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe PRC - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe PRC - [2007.02.12 09:43:00 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Windows\System32\drivers\o2flash.exe ========== Modules (No Company Name) ========== MOD - [2011.10.13 09:06:12 | 001,711,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\b67478ec034fdf811a748f1b6b5b1c95\Microsoft.VisualBasic.ni.dll MOD - [2011.10.13 09:04:09 | 002,346,496 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\4b4c359912c1241246f50a4c47dbab3c\System.Runtime.Serialization.ni.dll MOD - [2011.10.13 09:04:06 | 000,256,000 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\a800035f1686fdb0b7a019b954a37cfe\SMDiagnostics.ni.dll MOD - [2011.10.13 09:04:05 | 017,404,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\6b2ee1fdc6a182722db04af9c3cd10c3\System.ServiceModel.ni.dll MOD - [2011.10.13 09:03:14 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\6d2f689baff5da3df134fdec0742a13c\System.Runtime.Remoting.ni.dll MOD - [2011.10.13 09:03:04 | 011,804,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\e00630ec1e225a2376fdd430645e20f7\System.Web.ni.dll MOD - [2011.10.13 09:02:49 | 001,801,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4e0e6e88d80780d87bb74e72d5bb1230\System.Deployment.ni.dll MOD - [2011.10.13 09:02:21 | 000,679,936 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll MOD - [2011.10.13 09:02:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll MOD - [2011.10.13 09:02:07 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll MOD - [2011.10.13 03:40:49 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll MOD - [2011.10.13 03:40:32 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll MOD - [2011.10.13 03:40:23 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll MOD - [2011.10.13 03:40:04 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll MOD - [2011.10.13 03:39:58 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\231b0b42eff55de5c7d7debe555c16b7\PresentationFramework.Aero.ni.dll MOD - [2011.10.13 03:39:56 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\94f892556ec9fa7a508fc9d214ceaedf\PresentationFramework.ni.dll MOD - [2011.10.13 03:39:38 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53f949f4664bb316f9b7a00d73a6e290\PresentationCore.ni.dll MOD - [2011.10.13 03:39:22 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\fd2c727bcef2e019eb96c1145f423701\WindowsBase.ni.dll MOD - [2011.10.13 03:39:17 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll MOD - [2011.10.13 03:38:50 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.05.16 18:09:19 | 001,728,512 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3364.37101__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2009.05.16 18:09:19 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3364.37179__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2009.05.16 18:09:19 | 000,364,544 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3364.37146__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2009.05.16 18:09:19 | 000,290,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3364.37083__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2009.05.16 18:09:19 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3364.37103__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2009.05.16 18:09:19 | 000,172,032 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerXpress.Graphics.Dashboard\2.0.3364.37192__90ba9c70f846762e\CLI.Aspect.PowerXpress.Graphics.Dashboard.dll MOD - [2009.05.16 18:09:19 | 000,147,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard\2.0.3364.37179__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Dashboard.dll MOD - [2009.05.16 18:09:19 | 000,139,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3364.37180__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2009.05.16 18:09:19 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3364.37147__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2009.05.16 18:09:19 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3364.37160__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2009.05.16 18:09:19 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3364.37091__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2009.05.16 18:09:19 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3364.37141__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2009.05.16 18:09:19 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3364.37146__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2009.05.16 18:09:19 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3364.37178__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2009.05.16 18:09:19 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3364.37097__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2009.05.16 18:09:19 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Wizard\2.0.3364.37108__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Wizard.dll MOD - [2009.05.16 18:09:18 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3364.37103__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2009.05.16 18:09:18 | 000,126,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3364.37139__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2009.05.16 18:09:18 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3364.37129__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2009.05.16 18:09:18 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3364.37128__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2009.05.16 18:09:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3364.37107__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2009.05.16 18:09:18 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3364.37129__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2009.05.16 18:09:18 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3364.37138__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2009.05.16 18:09:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3309.28601__90ba9c70f846762e\LOG.Foundation.dll MOD - [2009.05.16 18:09:18 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3364.37140__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2009.05.16 18:09:18 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3309.28603__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2009.05.16 18:09:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2009.05.16 18:09:18 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3309.28608__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2009.05.16 18:09:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3309.28626__90ba9c70f846762e\MOM.Foundation.dll MOD - [2009.05.16 18:09:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3309.28629__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2009.05.16 18:09:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.REG.Shared\2.0.3309.28645__90ba9c70f846762e\AEM.Plugin.REG.Shared.dll MOD - [2009.05.16 18:09:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2009.05.16 18:09:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3309.28627__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2009.05.16 18:09:18 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3309.28647__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2009.05.16 18:09:18 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2009.05.16 18:09:17 | 000,544,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3364.37168__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2009.05.16 18:09:17 | 000,503,808 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ResourceManagement.Foundation.Implementation\2.0.3364.37207__90ba9c70f846762e\ResourceManagement.Foundation.Implementation.dll MOD - [2009.05.16 18:09:17 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3364.37097__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2009.05.16 18:09:17 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3364.37174__90ba9c70f846762e\MOM.Implementation.dll MOD - [2009.05.16 18:09:17 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3309.28604__90ba9c70f846762e\CLI.Foundation.dll MOD - [2009.05.16 18:09:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3309.28631__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2009.05.16 18:09:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3309.28630__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2009.05.16 18:09:17 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3309.28617__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2009.05.16 18:09:17 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2009.05.16 18:09:17 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2009.05.16 18:09:17 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3364.37078__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2009.05.16 18:09:16 | 001,142,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3364.37087__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2009.05.16 18:09:16 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3364.37080__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2009.05.16 18:09:16 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3364.37081__90ba9c70f846762e\ATIDEMOS.dll MOD - [2009.05.16 18:09:16 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3364.37080__90ba9c70f846762e\APM.Server.dll MOD - [2009.05.16 18:09:16 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3364.37082__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2009.05.16 18:09:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3309.28628__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2009.05.16 18:09:16 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3364.37079__90ba9c70f846762e\AEM.Server.dll MOD - [2009.05.16 18:09:16 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3309.28621__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2009.05.16 18:09:16 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2009.05.16 18:09:16 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3364.37173__90ba9c70f846762e\CCC.Implementation.dll MOD - [2009.05.16 18:09:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3309.28624__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2009.05.16 18:09:16 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3309.28637__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2009.03.30 06:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 06:42:12 | 000,413,696 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Deployment.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Deployment.resources.dll MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2009.03.18 16:16:10 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll MOD - [2009.03.04 14:21:28 | 000,016,384 | R--- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2009.02.18 20:39:53 | 000,098,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Serialization.resources\3.0.0.0_de_b77a5c561934e089\System.Runtime.Serialization.resources.dll MOD - [2008.07.29 19:29:26 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe MOD - [2008.02.03 00:08:12 | 001,722,368 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzArchive10.tgp MOD - [2007.03.13 00:34:20 | 000,162,304 | ---- | M] () -- C:\Windows\System32\ztvunrar36.dll MOD - [2006.05.14 14:03:54 | 000,655,360 | ---- | M] () -- C:\Programme\TUGZip\TzShell.dll MOD - [2005.02.18 00:15:22 | 000,077,824 | ---- | M] () -- C:\Programme\TUGZip\Plugins\TzImage10.tgp ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (CPUCooLServer) SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.02.18 17:30:32 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Stopped] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon) SRV - [2011.02.15 17:25:48 | 000,488,952 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc) SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service) SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2009.04.15 16:17:58 | 000,703,008 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe -- (ePowerSvc) SRV - [2009.04.14 17:48:50 | 000,075,048 | ---- | M] () [Auto | Running] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService) SRV - [2009.04.13 12:48:00 | 003,441,152 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Programme\Acer Bio Protection\BASVC.exe -- (IGBASVC) SRV - [2009.04.11 19:32:00 | 000,061,184 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2009.03.01 23:21:32 | 000,567,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.02.11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2009.02.05 08:14:56 | 000,237,568 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service) SRV - [2008.10.27 12:05:28 | 000,306,736 | ---- | M] () [Auto | Running] -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService) SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.02.12 09:43:00 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\System32\drivers\o2flash.exe -- (O2FLASH) ========== Driver Services (SafeList) ========== DRV - [2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.02.15 17:25:36 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL) DRV - [2010.11.11 21:19:24 | 000,021,080 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiopnp.sys -- (ntiopnp) DRV - [2010.08.10 15:49:36 | 000,011,392 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\ntiomin.sys -- (ntiomin) DRV - [2010.05.15 16:30:46 | 000,457,304 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant) DRV - [2009.12.25 18:58:23 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.05.16 18:27:30 | 000,026,928 | ---- | M] (Egistec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys) DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.04.14 11:27:22 | 000,162,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.03.19 03:49:00 | 000,058,144 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2mdg.sys -- (O2MDGRDR) DRV - [2009.03.18 17:06:28 | 004,386,304 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag) DRV - [2009.03.18 15:33:14 | 000,093,184 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2009.03.18 15:18:28 | 004,568,064 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdpmd32.sys -- (intelkmd) DRV - [2009.03.05 17:46:12 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/05/16 18:39:24] [Kernel | Auto | Running] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) DRV - [2009.02.24 14:01:54 | 000,041,376 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sdg.sys -- (O2SDGRDR) DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.10.09 16:47:12 | 000,059,952 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV - [2008.10.09 16:47:12 | 000,019,504 | ---- | M] (Egis Incorporated.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV - [2008.10.09 16:47:12 | 000,016,432 | ---- | M] (Egis Incorporated.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2008.09.25 01:37:40 | 003,666,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R) DRV - [2008.09.03 14:12:56 | 000,223,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\k57nd60x.sys -- (k57nd60x) Broadcom NetLink (TM) DRV - [2008.07.10 14:25:24 | 000,042,608 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\AlfaFF.sys -- (AlfaFF) DRV - [2008.07.03 05:24:46 | 000,026,752 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerA310USB.sys -- (A310) DRV - [2008.07.03 05:24:42 | 000,047,104 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVerA310Cap.sys -- (BDASwCap) DRV - [2008.03.12 13:52:34 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15) DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Programme\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm-Sicherheit Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm" FF - prefs.js..browser.search.param.yahoo-type: "${8}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13" FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1 FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:3.2.3.3 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2011.09.27 17:58:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.30 18:11:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.29 17:05:15 | 000,000,000 | ---D | M] [2009.11.27 17:20:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fideler Annette\AppData\Roaming\mozilla\Extensions [2011.10.11 16:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fideler Annette\AppData\Roaming\mozilla\Firefox\Profiles\ayumoyi1.default\extensions [2010.11.01 00:08:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fideler Annette\AppData\Roaming\mozilla\Firefox\Profiles\ayumoyi1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.09.28 15:34:18 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Community Toolbar) -- C:\Users\Fideler Annette\AppData\Roaming\mozilla\Firefox\Profiles\ayumoyi1.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280} [2011.08.02 09:35:54 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Fideler Annette\AppData\Roaming\mozilla\Firefox\Profiles\ayumoyi1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2011.09.28 15:34:21 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\Fideler Annette\AppData\Roaming\mozilla\Firefox\Profiles\ayumoyi1.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2010.09.04 14:35:58 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Fideler Annette\AppData\Roaming\mozilla\Firefox\Profiles\ayumoyi1.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.09.28 15:34:24 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\Fideler Annette\AppData\Roaming\mozilla\Firefox\Profiles\ayumoyi1.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} [2011.10.11 16:01:10 | 000,000,000 | ---D | M] (♬ MediaPimp - Internet Radio, Save Videos, Screengrab & More) -- C:\Users\Fideler Annette\AppData\Roaming\mozilla\Firefox\Profiles\ayumoyi1.default\extensions\Konverts@MediaPimp.com [2011.05.18 16:07:08 | 000,000,943 | ---- | M] () -- C:\Users\Fideler Annette\AppData\Roaming\Mozilla\Firefox\Profiles\ayumoyi1.default\searchplugins\conduit.xml [2011.10.14 16:29:25 | 000,001,056 | ---- | M] () -- C:\Users\Fideler Annette\AppData\Roaming\Mozilla\Firefox\Profiles\ayumoyi1.default\searchplugins\icqplugin.xml [2011.07.19 11:00:58 | 000,002,227 | ---- | M] () -- C:\Users\Fideler Annette\AppData\Roaming\Mozilla\Firefox\Profiles\ayumoyi1.default\searchplugins\s-amazon-de.xml [2011.05.16 16:48:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.07.07 14:54:56 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011.09.30 18:11:21 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2008.02.07 22:46:12 | 000,087,360 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\CgpCore.dll [2008.02.07 22:46:20 | 000,091,448 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\confmgr.dll [2008.02.07 22:46:16 | 000,021,824 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\ctxlogging.dll [2007.03.16 18:27:00 | 000,479,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcm80.dll [2007.03.16 18:27:00 | 000,548,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcp80.dll [2007.03.16 18:27:00 | 000,626,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\msvcr80.dll [2008.02.07 22:48:26 | 000,419,136 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npicaN.dll [2008.02.07 22:46:12 | 000,024,384 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\mozilla firefox\plugins\TcpPServ.dll [2011.09.30 18:11:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.09.30 18:11:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.09.30 18:11:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.09.30 18:11:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.09.30 18:11:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.09.30 18:11:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll̀ File not found O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files\ZoneAlarm-Sicherheit\tbZone.dll̀ File not found O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - C:\Programme\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Fideler Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fideler Annette\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe File not found O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CCF1F35-89A4-409A-830B-49B30CD35E4D}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43A23E45-8F5C-4258-95E4-E0D462E48001}: DhcpNameServer = 10.84.42.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Fideler Annette\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Fideler Annette\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk - C:\Programme\Acer\Acer VCM\AcerVCM.exe - (Acer Incorporated) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe - (Broadcom Corporation.) MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig - StartUpReg: ArcadeDeluxeAgent - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) MsConfig - StartUpReg: BackupManagerTray - hkey= - key= - C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) MsConfig - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) MsConfig - StartUpReg: EgisTecLiveUpdate - hkey= - key= - C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (EgisTec Inc.) MsConfig - StartUpReg: ISW - hkey= - key= - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig - StartUpReg: mwlDaemon - hkey= - key= - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (EgisTec Inc.) MsConfig - StartUpReg: PlayMovie - hkey= - key= - C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) MsConfig - StartUpReg: ProductReg - hkey= - key= - C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) MsConfig - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) MsConfig - StartUpReg: VitaKeyPdtWzd - hkey= - key= - C:\Program Files\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.) MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe () MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011.10.17 00:36:16 | 000,000,000 | ---D | C] -- C:\Windows\pss [2011.10.16 21:08:55 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011.10.16 20:13:29 | 000,000,000 | ---D | C] -- C:\AMD [2011.10.16 20:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy Driver Pro [2011.10.16 20:01:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Driver Pro [2011.10.16 20:00:35 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Driver Pro [2011.10.16 19:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB [2011.10.16 19:07:30 | 000,000,000 | ---D | C] -- C:\Users\Fideler Annette\AppData\Local\PC_Drivers_Headquarters [2011.10.16 19:07:13 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Drivers HeadQuarters [2011.10.16 19:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Detective [2011.10.16 19:05:42 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters [2011.10.16 02:58:56 | 000,000,000 | ---D | C] -- C:\Users\Fideler Annette\AppData\Roaming\WinRAR [2011.10.16 02:58:56 | 000,000,000 | ---D | C] -- C:\Users\Fideler Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.10.16 02:58:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.10.16 02:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR [2011.10.15 21:17:52 | 000,000,000 | ---D | C] -- C:\Users\Fideler Annette\Application Data [2011.10.14 22:18:56 | 000,000,000 | ---D | C] -- C:\Users\Fideler Annette\AppData\Roaming\Malwarebytes [2011.10.14 22:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2011.10.14 22:18:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2011.10.14 22:18:23 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2011.10.14 22:18:23 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2011.10.14 00:30:51 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA% [2011.10.08 16:21:31 | 000,000,000 | ---D | C] -- C:\Users\Fideler Annette\Desktop\Neuer Ordner [2011.09.27 17:38:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZoneAlarm [2009.04.14 09:04:56 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2011.10.17 23:02:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011.10.17 23:02:18 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011.10.17 23:01:07 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011.10.17 23:01:05 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cac6c8aa536780.job [2011.10.17 22:35:18 | 000,000,512 | ---- | M] () -- C:\Users\Fideler Annette\Desktop\MBR.dat [2011.10.17 17:08:12 | 000,633,580 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2011.10.17 17:08:12 | 000,600,138 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011.10.17 17:08:12 | 000,128,990 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2011.10.17 17:08:12 | 000,106,014 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011.10.17 17:01:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.10.17 00:17:56 | 000,008,404 | ---- | M] () -- C:\Users\Fideler Annette\AppData\Local\d3d9caps.dat [2011.10.16 20:18:42 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2011.10.16 20:01:01 | 000,002,206 | ---- | M] () -- C:\Users\Public\Desktop\Easy Driver Pro.lnk [2011.10.16 19:06:19 | 000,002,364 | ---- | M] () -- C:\Users\Public\Desktop\Driver Detective.lnk [2011.10.14 23:02:03 | 000,014,991 | ---- | M] () -- C:\Users\Fideler Annette\Documents\ztztztz [2011.10.14 22:55:24 | 000,015,505 | ---- | M] () -- C:\Users\Fideler Annette\Documents\asdf [2011.10.14 22:18:37 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.10.13 03:35:45 | 000,296,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011.09.27 17:39:08 | 000,421,442 | -H-- | M] () -- C:\Windows\System32\drivers\vsconfig.xml [2011.09.27 17:38:53 | 000,011,954 | ---- | M] () -- C:\Windows\System32\vsconfig.xml [2011.09.27 17:38:53 | 000,000,875 | ---- | M] () -- C:\Users\Fideler Annette\Desktop\ZoneAlarm Security.lnk [2011.09.27 11:27:12 | 000,000,771 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk [2011.09.27 00:42:39 | 000,088,285 | ---- | M] () -- C:\Users\Fideler Annette\Desktop\ümit.jpg [2011.09.19 19:45:39 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk ========== Files Created - No Company Name ========== [2011.10.17 22:09:52 | 000,000,512 | ---- | C] () -- C:\Users\Fideler Annette\Desktop\MBR.dat [2011.10.16 20:01:00 | 000,002,206 | ---- | C] () -- C:\Users\Public\Desktop\Easy Driver Pro.lnk [2011.10.16 19:06:19 | 000,002,364 | ---- | C] () -- C:\Users\Public\Desktop\Driver Detective.lnk [2011.10.14 23:02:03 | 000,014,991 | ---- | C] () -- C:\Users\Fideler Annette\Documents\ztztztz [2011.10.14 22:55:24 | 000,015,505 | ---- | C] () -- C:\Users\Fideler Annette\Documents\asdf [2011.10.14 22:18:37 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2011.09.27 17:38:53 | 000,000,875 | ---- | C] () -- C:\Users\Fideler Annette\Desktop\ZoneAlarm Security.lnk [2011.09.27 00:39:24 | 000,088,285 | ---- | C] () -- C:\Users\Fideler Annette\Desktop\ümit.jpg [2011.06.24 20:51:18 | 000,036,352 | ---- | C] () -- C:\Windows\System32\xfcodec.dll [2010.11.11 21:19:24 | 000,021,080 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys [2010.08.10 15:49:36 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys [2010.05.23 00:10:13 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2009.12.25 04:19:06 | 000,008,404 | ---- | C] () -- C:\Users\Fideler Annette\AppData\Local\d3d9caps.dat [2009.12.15 19:27:57 | 000,002,336 | ---- | C] () -- C:\Windows\WinInit.Ini [2009.11.27 17:20:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009.11.14 21:01:26 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2009.11.14 21:01:26 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2009.10.25 17:00:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009.10.25 17:00:43 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009.10.24 16:21:26 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2009.10.24 13:59:14 | 000,020,992 | ---- | C] () -- C:\Users\Fideler Annette\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.10.23 23:16:38 | 000,000,000 | ---- | C] () -- C:\Users\Fideler Annette\AppData\Roaming\wklnhst.dat [2009.10.23 21:48:13 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat [2009.05.16 18:55:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat [2009.05.16 18:55:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat [2009.05.16 18:55:16 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat [2009.05.16 18:26:15 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.05.16 18:26:15 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe [2009.05.16 18:26:15 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe [2009.05.16 18:26:15 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.05.16 18:15:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2009.04.14 09:03:09 | 000,982,196 | ---- | C] () -- C:\Windows\System32\igkrng500.bin [2009.04.14 09:03:08 | 000,417,344 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin [2009.04.14 09:03:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.04.14 09:03:08 | 000,139,824 | ---- | C] () -- C:\Windows\System32\igfcg500.bin [2009.04.14 09:03:08 | 000,097,448 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin [2009.04.14 09:03:08 | 000,000,481 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2009.04.14 09:03:07 | 000,181,944 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2009.04.14 01:11:00 | 000,115,528 | ---- | C] () -- C:\Windows\System32\drivers\RtConvEQ.DAT [2009.04.14 01:11:00 | 000,000,680 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat [2009.04.14 01:11:00 | 000,000,016 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat [2009.04.13 23:59:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008.09.11 14:01:00 | 000,081,920 | ---- | C] () -- C:\Windows\System32\INT15.dll [2008.09.09 11:38:48 | 000,097,792 | ---- | C] () -- C:\Windows\System32\INT15_64.dll [2008.09.09 11:38:48 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys [2008.05.21 20:46:08 | 000,118,784 | ---- | C] () -- C:\Windows\System32\VMC3KAPI.dll [2008.04.08 14:34:26 | 000,000,427 | ---- | C] () -- C:\Windows\System32\atipblup.dat [2008.03.12 13:52:34 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys [2008.01.21 09:15:58 | 000,633,580 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2008.01.21 09:15:58 | 000,128,990 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006.11.02 14:47:37 | 000,296,064 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:33:01 | 000,600,138 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006.11.02 12:33:01 | 000,106,014 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2009.10.23 23:14:25 | 000,000,000 | -HSD | M] -- C:\Users\Fideler Annette\AppData\Roaming\.# [2009.10.24 00:26:20 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\Acer [2009.04.14 01:28:14 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\Acer GameZone Console [2010.02.13 19:49:03 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\Acreon [2011.05.20 16:53:46 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\CheckPoint [2010.09.04 14:35:57 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\DVDVideoSoftIEHelpers [2009.10.23 23:14:31 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\eSobi [2011.05.20 05:18:46 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\ICAClient [2011.08.13 17:50:55 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\ICQ [2011.05.30 02:53:06 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\LolClient [2009.11.02 18:49:43 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\PowerCinema [2011.02.28 20:51:04 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\SoftDMA [2009.10.24 13:03:41 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\streamripper [2011.05.20 05:18:46 | 000,000,000 | ---D | M] -- C:\Users\Fideler Annette\AppData\Roaming\TS3Client [2011.10.16 20:36:50 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2009.10.24 03:30:34 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.06.26 01:36:31 | 000,000,000 | ---D | M] -- C:\9c9edaa15c194fe9738ee65556 [2009.05.16 18:58:44 | 000,000,000 | -H-D | M] -- C:\ACER [2009.10.24 03:32:33 | 000,000,000 | ---D | M] -- C:\ACERNB [2009.10.24 03:30:23 | 000,000,000 | ---D | M] -- C:\ACERSW [2011.10.16 20:15:53 | 000,000,000 | ---D | M] -- C:\AMD [2009.11.05 21:15:33 | 000,000,000 | ---D | M] -- C:\BlueByte [2009.04.14 02:28:42 | 000,000,000 | ---D | M] -- C:\book [2009.11.12 20:20:19 | 000,000,000 | -HSD | M] -- C:\Boot [2009.05.16 18:36:49 | 000,000,000 | ---D | M] -- C:\CLSetup [2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2009.10.24 03:29:13 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2009.04.14 01:02:56 | 000,000,000 | ---D | M] -- C:\Intel [2009.04.14 01:20:28 | 000,000,000 | RH-D | M] -- C:\MSOCache [2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.04.29 20:57:35 | 000,000,000 | ---D | M] -- C:\Poker [2011.10.17 03:14:08 | 000,000,000 | R--D | M] -- C:\Program Files [2011.10.16 20:02:24 | 000,000,000 | -H-D | M] -- C:\ProgramData [2009.10.24 03:29:13 | 000,000,000 | -HSD | M] -- C:\Programme [2011.05.30 02:04:33 | 000,000,000 | ---D | M] -- C:\Riot Games [2011.10.17 23:13:33 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2009.10.24 03:29:38 | 000,000,000 | R--D | M] -- C:\Users [2011.10.17 03:09:48 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.manifest /3 > < MD5 for: EXPLORER.EXE > [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe [2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe [2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe [2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe [2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe < MD5 for: REGEDIT.EXE > [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe [2008.01.21 04:24:53 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-10-17 01:20:11 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:DCAF903C @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ADE16379 @Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:B623B5B8 @Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:9E22BBE8 @Alternate Data Stream - 105 bytes -> C:\ProgramData\Temp:B203B914 < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 17.10.2011 23:10:29 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Fideler Annette\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19120)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,90 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 44,86% Memory free
8,68 Gb Paging File | 6,84 Gb Available in Paging File | 78,77% Paging File free
Paging file location(s): c:\pagefile.sys 6000 6000 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450,30 Gb Total Space | 292,21 Gb Free Space | 64,89% Space Free | Partition Type: NTFS
Computer Name: ANNETTE-PC | User Name: Fideler Annette | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B5AF843-5664-4163-A19E-AE886F873637}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B0810B56-4371-42FC-ABCB-EC89BA025F6E}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0373F553-CF4E-43AA-A0B1-A4B89AE629BB}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{0A77EAAE-AFEB-430D-9EC8-ABE6D03F1B8B}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{12ADD09B-50EB-468B-BBB3-E4B9B8C2F4BA}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{14996E34-4947-43EC-A488-B8F0A5B827B9}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{1BC128BC-AA0D-4A0B-8EAB-020B04F16F7B}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{29BE49E1-FDFC-4221-B78E-7CE3BCF43986}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{2BF06FC4-9B2D-471D-83C9-390C7BBDF8E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2DE84C2D-D215-4F5C-B4A1-77AC2A4D0C93}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{39B090E4-7128-4CD5-9709-E959045B7119}" = dir=in | app=c:\program files\acer\acer vcm\rs_service.exe |
"{4347A2CE-7B31-4E79-A6C8-6E991BFC8516}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{4A4AFA58-6080-4BE0-98FC-4068A44EFDCE}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{4D1012E2-C85A-49F2-A18E-96DE75B5FB11}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4F190C60-C20E-4E7E-A70F-E0078A48CFA6}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{4F3D314E-AF56-4A01-94EB-210F09076125}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{66C2B124-FBEB-427B-975F-E5F42E98952E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6EE2E7DC-F696-4FD4-8AFE-8197F9C18D76}" = dir=in | app=c:\program files\acer\acer vcm\vc.exe |
"{89987820-2437-4553-8673-F5C01EE42469}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{AE22303F-34C6-47CB-BD32-70266EF7B889}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{BB5694E9-6F72-44C6-BF23-9472A2DA2FDF}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{CDFDB3F1-549F-4E4C-9FB4-69DC2DD92111}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{D1EE461F-E777-4BF0-A069-18CD9B04263F}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{D6514484-E655-432B-9288-F0770785E9CB}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{D9DAB4E3-ED05-4D3D-B936-FC337113BE5B}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{DBAA9D5F-DE29-4EF3-960C-3FBD7455FABE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{E227AF4F-5D71-4735-BA16-73AA8D24264E}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{E52EC4C1-5305-4196-8E78-430C9D431214}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
"{E7EE0800-E49F-4493-B732-B8D868FF0D2F}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{EC82F12A-C1A0-4056-BE7F-2A283567E899}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EC93A760-5635-46EA-9C41-0B80474D9A28}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{F1D43F08-16C4-4716-8823-533A89EBEADB}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{F987CB7F-9303-4AD1-B8BE-3D43D65EE311}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe |
"{FA803E5C-A56F-4DBD-BF2A-EA8E173734B5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00B21BFD-D933-E0AE-DB9B-382D9A678D2D}" = CCC Help Norwegian
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{04EDFF08-6211-B28C-28F1-E33AB34FDB6A}" = CCC Help Finnish
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0F27E1-1E33-4B42-3BFF-D0F507B34CC2}" = Skins
"{12E5B662-4E43-DEBF-29F5-2F72471CCA68}" = CCC Help Spanish
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{1436DCAB-BEE5-9CB7-8938-D9CC36C213E3}" = CCC Help German
"{15C37D2B-F2A8-8DE1-74FB-5962C724F340}" = CCC Help Russian
"{18142589-2D6B-D61F-49EA-F39DF07541E6}" = CCC Help French
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20ACB2F8-3BCA-45A8-80A2-9D3CB5C25F43}" = Safari
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{272573B6-4B2F-AB1F-7E38-228F75376B58}" = CCC Help Czech
"{27753A06-F44E-05DA-3C39-852E9B0752C9}" = CCC Help Korean
"{2E9A7653-40D8-4306-A032-2CF6D86E079F}" = ATI Catalyst Install Manager
"{30075A70-B5D2-440B-AFA3-FB2021740121}" = Backup Manager Advance
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{526B35E0-5B67-5B80-3046-CAD82863F45A}" = CCC Help Japanese
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59EE38E0-EA2A-9BFC-D01D-79F25AB2C05E}" = Catalyst Control Center Graphics Full Existing
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support
"{6030F82F-8BC7-379A-B4C9-56D93AE003E0}" = CCC Help Greek
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{632DDD27-160E-07CC-E41E-3254C7933E36}" = CCC Help Turkish
"{63367878-F985-7C1A-331C-7683CB6D6B8A}" = CCC Help Thai
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7322E6F2-3130-B968-CBB4-07F2CDCFB2C9}" = CCC Help English
"{7389DA38-3B06-A425-2A77-CEBE79FEEFDC}" = CCC Help Hungarian
"{73FDC722-C263-8F69-B00A-BB670401D430}" = Catalyst Control Center Graphics Previews Vista
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AF8660A-02C5-325A-5C45-03DE5439F344}" = PX Profile Update
"{8B74383E-965E-95B7-670E-774658C12D1E}" = CCC Help Dutch
"{8C95755D-4390-1804-1B9B-5A0E1ACA2C30}" = CCC Help Swedish
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F705129-ADC3-4F17-8B1C-41D786A34A31}" = Catalyst Control Center - Branding
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A1584A04-37AD-7C30-479B-D149CAE771BC}" = CCC Help Portuguese
"{A20B067C-8A58-44BF-9FC7-11E92D916AD2}" = Nuvoton CIR Device Drivers
"{A47E755B-3C96-8289-B2DD-C8B0E707AB05}" = Catalyst Control Center InstallProxy
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A7E87DAD-4B28-675D-D2A7-10F8648EB80D}" = Catalyst Control Center Core Implementation
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AD59ED1B-EE24-AD28-7968-4E2A1B9FF08E}" = CCC Help Polish
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B4346F4B-4B4B-CF48-DC80-34293A19F687}" = Catalyst Control Center Localization All
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BA45D6C9-AC93-288B-DC4C-D65A01A2ED02}" = Application Profiles
"{BF4860E9-E34D-42C4-8CD8-69AAF8FC78F1}" = O2Micro Flash Memory Card Windows Driver
"{C1277C35-E2E1-90A8-DF57-B5E833603B72}" = ccc-utility
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CA0F8066-37F6-F108-4398-4A327D4490A2}" = Catalyst Control Center Graphics Full New
"{CADD61C5-7883-58CC-2BCE-4079CDB09CBD}" = CCC Help Danish
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE101FB8-0D0A-5899-5E18-893CD263F615}" = CCC Help Italian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E5838-93FD-3220-C384-33C09211EBE0}" = CCC Help Chinese Traditional
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DCE20A5F-89DF-D37E-F198-B7E68041A5EE}" = Catalyst Control Center Graphics Light
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E731A9DD-424C-9871-ABBD-A61F5DE421BD}" = ccc-core-static
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FA3035F9-B626-49BC-9256-87FBA68CA3CB}" = CCC Help Chinese Standard
"{FD27D456-ED8A-4027-A1E4-BBF95FAF4799}" = Easy Driver Pro
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Acer Screensaver" = Acer ScreenSaver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.29
"Bejeweled Twist" = Bejeweled Twist
"CPUCooL" = CPUCooL (remove only)
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GridVista" = Acer GridVista
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{30075A70-B5D2-440B-AFA3-FB2021740121}" = Acer Backup Manager
"InstallShield_{BF4860E9-E34D-42C4-8CD8-69AAF8FC78F1}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 7.0.1 (x86 de)" = Mozilla Firefox 7.0.1 (x86 de)
"PokerStars" = PokerStars
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TUGZip_is1" = TUGZip 3.5
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"ZoneAlarm" = ZoneAlarm
"ZoneAlarm Toolbar" = ZoneAlarm Toolbar
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 22.04.2011 22:09:39 | Computer Name = Annette-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
Desktop\avwsc.exe". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.04.2011 22:19:40 | Computer Name = Annette-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
Desktop\avwsc.exe". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.04.2011 22:29:41 | Computer Name = Annette-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
Desktop\avwsc.exe". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 22.04.2011 22:39:42 | Computer Name = Annette-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
Desktop\avwsc.exe". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 23.04.2011 09:25:46 | Computer Name = Annette-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NewTech
Infosystems\Acer Backup Manager\IScheduleSvc.exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files\NewTech Infosystems\Acer Backup Manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
angeforderten Komponente überein. Verweis: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.5570".
Definition:
Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 23.04.2011 09:26:54 | Computer Name = Annette-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\NewTech
Infosystems\Acer Backup Manager\BackupManagerTray.exe". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files\NewTech Infosystems\Acer Backup Manager\Microsoft.VC90.MFC\Microsoft.VC90.MFC.MANIFEST"
in Zeile 11. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der
angeforderten Komponente überein. Verweis: Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.5570".
Definition:
Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Verwenden
Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 23.04.2011 09:27:10 | Computer Name = Annette-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2011 09:27:14 | Computer Name = Annette-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
Desktop\avgnt.exe". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 23.04.2011 09:27:58 | Computer Name = Annette-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Avira\AntiVir
Desktop\avwsc.exe". Die abhängige Assemblierung "Microsoft.VC90.MFC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.30729.1""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".
Error - 23.04.2011 09:29:27 | Computer Name = Annette-PC | Source = Perflib | ID = 1008
Description =
[ System Events ]
Error - 17.10.2011 11:02:10 | Computer Name = Annette-PC | Source = Service Control Manager | ID = 7024
Description =
Error - 17.10.2011 11:02:10 | Computer Name = Annette-PC | Source = Service Control Manager | ID = 7000
Description =
Error - 17.10.2011 11:02:23 | Computer Name = Annette-PC | Source = Service Control Manager | ID = 7024
Description =
Error - 17.10.2011 11:02:23 | Computer Name = Annette-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 17.10.2011 11:03:56 | Computer Name = Annette-PC | Source = Service Control Manager | ID = 7024
Description =
Error - 17.10.2011 11:03:56 | Computer Name = Annette-PC | Source = Service Control Manager | ID = 7031
Description =
Error - 17.10.2011 11:05:59 | Computer Name = Annette-PC | Source = Service Control Manager | ID = 7024
Description =
Error - 17.10.2011 11:05:59 | Computer Name = Annette-PC | Source = Service Control Manager | ID = 7034
Description =
Error - 17.10.2011 12:10:40 | Computer Name = Annette-PC | Source = Service Control Manager | ID = 7024
Description =
Error - 17.10.2011 12:10:40 | Computer Name = Annette-PC | Source = Service Control Manager | ID = 7034
Description =
< End of report >
|
|
18.10.2011, 13:36
| #2 |
| /// Malware-holic   | laptop arbeitet plötzlich mit extremen Verzögerungen hi
__________________also welche funde unwichtig sind, dass solltest du schon uns überlassen. poste alle Malwarebytes logs, zu finden unter malwarebytes, logdateien.
__________________ |
|
18.10.2011, 15:51
| #3 |
| | laptop arbeitet plötzlich mit extremen Verzögerungen Danke für die Antwort!
__________________und bitte sehr. Malwarebytes' Anti-Malware 1.51.2.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 7956 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19120 16.10.2011 18:41:59 mbam-log-2011-10-16 (18-41-59).txt Art des Suchlaufs: Quick-Scan Durchsuchte Objekte: 172300 Laufzeit: 14 Minute(n), 41 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 2 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\Users\xxx\AppData\Local\Temp\ptu241d_tmp.exe (PUP.Casino) -> Quarantined and deleted successfully. c:\Users\xxx\downloads\titanpsetup_597514.exe (PUP.Casino) -> Quarantined and deleted successfully. |
|
18.10.2011, 15:53
| #4 |
| /// Malware-holic | laptop arbeitet plötzlich mit extremen Verzögerungen bitte erstelle und poste ein combofix log. Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.10.2011, 18:33
| #5 |
| | laptop arbeitet plötzlich mit extremen Verzögerungen Combofix Logfile: Code:
ATTFilter ComboFix 11-10-18.02 - XXX 18.10.2011 18:36:33.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2972.1517 [GMT 2:00]
ausgeführt von:: c:\users\XXX\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\XXX\AppData\Local\._Revolution_
c:\users\XXX\AppData\Roaming\.#
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-09-18 bis 2011-10-18 ))))))))))))))))))))))))))))))
.
.
2011-10-18 17:18 . 2011-10-18 17:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-18 17:18 . 2011-10-18 17:18 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2011-10-18 13:55 . 2011-10-18 16:18 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E086DD08-478B-4DD6-B249-07B1E48B3D0E}\offreg.dll
2011-10-18 04:39 . 2011-10-18 04:39 -------- d-----w- c:\programdata\ATI
2011-10-18 04:39 . 2011-10-18 04:39 -------- d-----w- c:\program files\AMD APP
2011-10-18 04:32 . 2011-10-18 04:32 -------- d-----w- C:\ATI
2011-10-18 03:53 . 2011-10-18 03:53 -------- d-----w- c:\program files\Common Files\Adobe
2011-10-18 03:50 . 2011-10-18 03:50 -------- d-----w- c:\windows\Sun
2011-10-18 03:48 . 2011-10-18 03:47 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-18 03:48 . 2011-10-18 03:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-10-18 03:47 . 2011-10-18 03:47 -------- d-----w- c:\program files\Java
2011-10-17 22:53 . 2011-10-17 22:53 -------- d-----w- c:\users\Fideler Annette\AppData\Roaming\Avira
2011-10-17 22:52 . 2011-10-11 13:00 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-17 22:52 . 2011-10-11 13:00 134344 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-17 22:52 . 2011-10-17 22:52 -------- d-----w- c:\programdata\Avira
2011-10-17 22:52 . 2011-10-17 22:52 -------- d-----w- c:\program files\Avira
2011-10-17 22:11 . 2011-10-17 22:11 100864 ----a-w- C:\kxliqfow.sys
2011-10-16 19:08 . 2011-10-16 19:08 -------- d-----w- c:\program files\ESET
2011-10-16 18:13 . 2011-10-16 18:15 -------- d-----w- C:\AMD
2011-10-16 18:02 . 2011-10-16 18:02 -------- d-----w- c:\programdata\Easy Driver Pro
2011-10-16 18:00 . 2011-10-16 18:00 -------- d-----w- c:\program files\Easy Driver Pro
2011-10-16 17:07 . 2011-10-16 17:07 -------- d-----w- c:\programdata\UAB
2011-10-16 17:07 . 2011-10-16 18:02 -------- d-----w- c:\users\Fideler Annette\AppData\Local\PC_Drivers_Headquarters
2011-10-16 17:07 . 2011-10-16 17:07 -------- d-----w- c:\programdata\PC Drivers HeadQuarters
2011-10-16 17:05 . 2011-10-16 17:05 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2011-10-14 20:18 . 2011-10-14 20:18 -------- d-----w- c:\users\Fideler Annette\AppData\Roaming\Malwarebytes
2011-10-14 20:18 . 2011-10-14 20:18 -------- d-----w- c:\programdata\Malwarebytes
2011-10-14 20:18 . 2011-10-14 20:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-14 20:18 . 2011-08-31 15:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-14 06:23 . 2011-09-12 23:14 7269712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E086DD08-478B-4DD6-B249-07B1E48B3D0E}\mpengine.dll
2011-10-13 22:30 . 2011-10-13 22:30 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-10-12 13:49 . 2011-07-29 16:01 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 13:49 . 2011-07-29 16:01 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 13:49 . 2011-07-29 16:00 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 13:49 . 2011-07-29 16:00 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 13:47 . 2011-08-25 16:14 238080 ----a-w- c:\windows\system32\oleacc.dll
2011-10-12 13:47 . 2011-08-25 16:15 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-10-12 13:47 . 2011-08-25 16:14 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-12 13:47 . 2011-08-25 13:31 4096 ----a-w- c:\windows\system32\oleaccrc.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-18 04:43 . 2011-05-16 14:45 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-11 13:00 . 2009-12-24 16:57 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-09-14 09:47 . 2011-09-14 09:47 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-09-14 09:47 . 2011-09-14 09:47 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-09-14 09:46 . 2011-09-14 09:46 13625856 ----a-w- c:\windows\system32\amdocl.dll
2011-09-14 09:38 . 2011-09-14 09:38 37376 ----a-w- c:\windows\system32\amdoclcl.dll
2008-02-07 20:46 . 2008-02-07 20:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2008-02-07 20:46 . 2008-02-07 20:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2008-02-07 20:46 . 2008-02-07 20:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2008-02-07 20:46 . 2008-02-07 20:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2008-02-07 20:46 . 2008-02-07 20:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2008-02-07 20:46 . 2008-02-07 20:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2008-02-07 20:46 . 2008-02-07 20:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-03-16 16:27 . 2007-03-16 16:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll
2007-03-16 16:27 . 2007-03-16 16:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll
2007-03-16 16:27 . 2007-03-16 16:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll
2007-07-20 11:47 . 2007-07-20 11:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2008-02-07 20:46 . 2008-02-07 20:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2011-09-30 16:11 . 2011-05-08 03:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{542e4d79-1970-4e95-9862-fdb96f61b280}]
2010-04-15 10:33 2515552 ----a-w- c:\program files\Messenger_Plus_Live_Germany\tbMess.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 08:08 2393184 ----a-w- c:\program files\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
2010-05-09 10:50 2517088 ----a-w- c:\program files\ZoneAlarm-Sicherheit\tbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{542e4d79-1970-4e95-9862-fdb96f61b280}"= "c:\program files\Messenger_Plus_Live_Germany\tbMess.dll" [2010-04-15 2515552]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
"{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}"= "c:\program files\ZoneAlarm-Sicherheit\tbZone.dll" [2010-05-09 2517088]
.
[HKEY_CLASSES_ROOT\clsid\{542e4d79-1970-4e95-9862-fdb96f61b280}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{542E4D79-1970-4E95-9862-FDB96F61B280}"= "c:\program files\Messenger_Plus_Live_Germany\tbMess.dll" [2010-04-15 2515552]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{542e4d79-1970-4e95-9862-fdb96f61b280}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-10-27 10:05 40496 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-04-15 440864]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-18 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-18 150552]
"PLFSetI"="c:\windows\PLFSetI.exe" [2008-07-29 200704]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-03-05 805384]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-05-06 7227936]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-06 1833504]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-02-18 1043968]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-08-31 449608]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-08 343168]
.
c:\users\Fideler Annette\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-2-13 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Acer VCM.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
backup=c:\windows\pss\Acer VCM.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2010-12-14 16:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcadeDeluxeAgent]
2009-04-13 14:20 156968 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
2009-04-11 17:31 249600 ----a-w- c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
2009-04-13 14:20 202024 ------w- c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecLiveUpdate]
2008-10-27 13:09 199464 ----a-w- c:\program files\EgisTec Egis Software Update\EgisUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2011-02-15 15:25 738808 ----a-w- c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-01-25 14:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 21:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mwlDaemon]
2008-10-27 10:05 346672 ----a-w- c:\program files\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlayMovie]
2009-03-05 12:29 173288 ------w- c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProductReg]
2008-11-17 07:47 135168 ----a-w- c:\program files\Acer\WR_PopUp\ProductReg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2009-02-27 08:20 1434920 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VitaKeyPdtWzd]
2009-04-13 10:47 3553792 ----a-w- c:\program files\Acer Bio Protection\PdtWzd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2008-12-22 29736]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 135664]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-09-24 3666432]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-09-23 50424]
R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-07-10 42608]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S1 ntiomin;ntiomin; [x]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};Power Control [2009/05/16 18:39];c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2009-03-05 15:46 87536]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-10-11 86224]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2009-04-14 75048]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-04-15 703008]
S2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2009-05-16 26928]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-04-13 3441152]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 26872]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 488952]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-08-31 366152]
S2 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2008-10-09 19504]
S2 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2008-10-09 16432]
S2 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2008-10-09 59952]
S2 MWLService;MyWinLocker Service;c:\program files\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2008-10-27 306736]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-04-11 61184]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-09-23 144632]
S2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-02-05 237568]
S3 A310;AVerMedia A310 DVB-T;c:\windows\system32\DRIVERS\AVerA310USB.sys [2008-07-03 26752]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-03-18 4386304]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-03-18 93184]
S3 BDASwCap;AVerMedia A310 BDA DVBT Capture Device;c:\windows\system32\drivers\AVerA310Cap.sys [2008-07-03 47104]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [2009-03-18 4568064]
S3 k57nd60x;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60x.sys [2008-09-03 223232]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-08-31 22216]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdg.sys [2009-03-19 58144]
S3 O2SDGRDR;O2SDGRDR;c:\windows\system32\DRIVERS\o2sdg.sys [2009-02-24 41376]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2007-03-28 43008]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cac6c8aa536780.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 23:12]
.
2011-10-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-24 23:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://de.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube to Mp3 Converter - c:\users\Fideler Annette\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Fideler Annette\AppData\Roaming\Mozilla\Firefox\Profiles\ayumoyi1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2613550&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=2&q=
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-AVerMedia A310 (MiniCard, DVB-T) - c:\program files\AVerMedia\AVerMedia A310 (MiniCard
AddRemove-Streamripper - c:\program files\Streamripper\Uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'lsass.exe'(700)
c:\program files\Acer Bio Protection\PwdFilter.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Zeit der Fertigstellung: 2011-10-18 19:27:05
ComboFix-quarantined-files.txt 2011-10-18 17:27
.
Vor Suchlauf: 16 Verzeichnis(se), 308.742.418.432 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 310.975.684.608 Bytes frei
.
Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14
- - End Of File - - 2E9466C0A5C27844331DFA8813F7EEF3
|
|
18.10.2011, 18:45
| #6 |
| /// Malware-holic | laptop arbeitet plötzlich mit extremen Verzögerungen lade den CCleaner standard: CCleaner - Standard falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ --> laptop arbeitet plötzlich mit extremen Verzögerungen |
|
18.10.2011, 19:32
| #7 |
| | laptop arbeitet plötzlich mit extremen Verzögerungen Acer Arcade Deluxe CyberLink Corp. 15.05.2009 96,9MB 2.6.6413 unnötig Acer Backup Manager NewTech Infosystems 15.05.2009 201MB 1.0.1.58 unnötig Acer Bio Protection Egis Technology Inc. 15.05.2009 88,6MB 6.2.32 unnötig Acer Crystal Eye Webcam Suyin Optronics Corp 15.05.2009 2,95MB 5.1.7.1 unnötig Acer eRecovery Management Acer Incorporated 15.05.2009 11,7MB 4.00.3006 nötig Acer GridVista Acer Inc. 15.05.2009 1,73MB 2.75.825 unbekannt Acer PowerSmart Manager Acer Incorporated 15.05.2009 7,32MB 4.01.3013 unbekannt Acer Product Registration Acer Incorporated 23.10.2009 5,92MB 3.0.0.10 unnötig Acer ScreenSaver Acer 15.05.2009 unbekannt Acer VCM Acer Incorporated 13.04.2009 18,8MB 4.00.3006 unbekannt Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 17.10.2011 11.0.1.152 nötig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 17.10.2011 11.0.1.152 nötig Adobe Reader X (10.1.1) - Deutsch Adobe Systems Incorporated 17.10.2011 116,7MB 10.1.1 nötig AMD Catalyst Install Manager Advanced Micro Devices, Inc. 17.10.2011 16,8MB 3.0.842.0 unbekannt Apple Application Support Apple Inc. 05.02.2011 52,7MB 1.4.1 unnötig Apple Mobile Device Support Apple Inc. 05.02.2011 21,7MB 3.3.1.3 unnötig Apple Software Update Apple Inc. 23.12.2009 2,16MB 2.1.1.116 unnötig Application Profiles Advanced Micro Devices, Inc. 15.10.2011 0,34MB 2.0.4292.33784 unbekannt Avira Free Antivirus Avira 17.10.2011 152,9MB 12.0.0.855 Bejeweled Twist PopCap Games 26.01.2010 50,7MB unnötig Bonjour Apple Inc. 14.10.2010 0,76MB 2.0.3.0 unnötig CCleaner Piriform 17.10.2011 4,07MB 3.11 Citrix Presentation Server Client Citrix Systems, Inc. 14.12.2009 unbekannt 33,5MB 10.200.2650 Compatibility Pack für 2007 Office System Microsoft Corporation 14.09.2011 12.0.6425.1000 unbekannt CPUCooL (remove only) 02.08.2011 2,69MB nötig Curse Client Curse 04.07.2011 4.0.1.112 nötig Driver Detective PC Drivers HeadQuarters 15.10.2011 10,1MB 8.0.1 unbekannt DVDVideoSoftTB Toolbar 03.09.2010 2,49MB unnötig Easy Driver Pro Easy Driver Pro 15.10.2011 7,41MB 8.0.1 unnötig ESET Online Scanner v3 15.10.2011 88,7MB unnötig Free Audio CD Burner version 1.4 DVDVideoSoft Limited. 03.09.2010 3,12MB unnötig Free YouTube to MP3 Converter version 3.8 DVDVideoSoft Limited. nötig 03.09.2010 3,44MB ICQ Toolbar ICQ 03.11.2010 3.0.0 unnötig Intel® Matrix Storage Manager Intel Corporation 15.05.2009 46,9MB nötig iTunes Apple Inc. 05.02.2011 144,7MB 10.1.2.17 unnötig Java(TM) 6 Update 27 Oracle 17.10.2011 95,0MB 6.0.270 nötig Launch Manager Acer Inc. 15.05.2009 3,65MB 2.0.02 unbekannt League of Legends Riot Games 29.05.2011 1.484MB 1.02.0000 Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 13.10.2011 6,76MB 1.51.2.1300 nötig Messenger_Plus_Live_Germany Toolbar 18.06.2010 2,61MB unnötig Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 24.10.2009 37,0MB unbekannt Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 23.10.2009 37,0MB unbekannt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.11.2010 120,3MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.11.2010 24,5MB 4.0.30319 unbekannt Microsoft Office File Validation Add-In Microsoft Corporation 16.10.2011 7,92MB 14.0.5130.5003 unbekannt Microsoft Office Home and Student 2007 Microsoft Corporation 23.10.2009 296MB 12.0.6425.1000 unnötig Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 14.09.2011 12.0.6425.1000 unnötig Microsoft Office Suite Activation Assistant Microsoft Corporation 13.04.2009 8,37MB 2.9 unnötig Microsoft Silverlight Microsoft Corporation 12.10.2011 4.0.60831.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 13.04.2009 1,74MB 3.1.0000 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 unbekannt Microsoft Corporation 23.10.2009 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.02.2010 0,33MB 8.0.59193 unbekannt Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 unbekannt Microsoft Corporation 25.12.2009 0,19MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 19.05.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.12.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.05.2011 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 0,58MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.10.2011 11,1MB 10.0.40219 Microsoft Works Microsoft Corporation 15.12.2010 9.7.0621 MobileMe Control Panel Apple Inc. 05.02.2011 12,0MB 3.1.5.0 unnötig Mozilla Firefox 7.0.1 (x86 de) Mozilla 29.09.2011 39,6MB 7.0.1 nötig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.04.2009 1,29MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0 unbekannt MyWinLocker EgisTec 13.04.2009 35,2MB 3.1.36.0 unbekannt NTI Backup Now 5 NewTech Infosystems 13.04.2009 29,5MB 5.1.2.616 unbekannt NTI Media Maker 8 NewTech Infosystems 13.04.2009 187,5MB 8.0.2.6509 unnötig Nuvoton CIR Device Drivers Nuvoton Technology Corporation 13.04.2009 2,91MB 7.60.5007 unbekannt O2Micro Flash Memory Card Windows Driver O2Micro International LTD. 15.05.2009 3,11MB 2.0.07 unnötig Orion Convesoft 13.04.2009 15,0MB 2.5.0 Pando Media Booster Pando Networks Inc. 28.05.2011 7,17MB 2.3.5.9 unbekannt PokerStars PokerStars 21.01.2011 83,0MB nötig QuickTime Apple Inc. 05.02.2011 73,7MB 7.69.80.9 unnötig Realtek High Definition Audio Driver Realtek Semiconductor Corp. 15.05.2009 11,4MB 6.0.1.5847 nötig Safari Apple Inc. 14.10.2010 41,3MB 5.33.18.5 unnötig Skype Toolbars Skype Technologies S.A. 06.07.2011 6,97MB nötig 5.3.7555 Skype™ 5.3 Skype Technologies S.A. 06.07.2011 16,6MB 5.3.120 Synaptics Pointing Device Driver Synaptics Incorporated 15.05.2009 20,3MB 12.2.4.1 unbekannt TeamSpeak 2 RC2 Dominating Bytes Design 10.11.2009 2.0.32.60 TeamSpeak 3 Client TeamSpeak Systems GmbH 21.03.2010 66,4MBnötig TUGZip 3.5 Christian Kindahl 13.11.2009 12,7MB unbekannt Uninstall 1.0.0.1 03.09.2010 44,4MB WIDCOMM Bluetooth Software Broadcom Corporation 15.05.2009 87,7MB 6.2.0.8000 unnötig Winamp Nullsoft, Inc 22.10.2009 35,2MB 5.56 nötig Windows Live Anmelde-Assistent Microsoft Corporation 23.10.2009 unbekannt 1,93MB 5.000.818.6 Windows Live Essentials Microsoft Corporation 08.12.2010 136,6MB 14.0.8117.0416 unbeknnt Windows Live Sync Microsoft Corporation 08.12.2010 2,79MB unbekannt 14.0.8117.416 Windows Live-Uploadtool Microsoft Corporation 13.04.2009 0,22MB 14.0.8014.1029 unbekannt Windows Media Player Firefox Plugin Microsoft Corp 28.09.2011 0,29MB 1.0.0.8 nötig WinRAR 4.01 (32-Bit) win.rar GmbH 15.10.2011 4,03MB 4.01.0 nötig World of Warcraft Blizzard Entertainment 30.08.2011 33.733MB 4.2.2.14545 Xfire (remove only) 21.07.2011 18,3MB nötig ZoneAlarm Check Point, Inc 26.09.2011 20,8MB 9.2.105.000 nötig ZoneAlarm Toolbar Check Point Software Technologies 26.09.2011 unnötig 26,0MB |
|
18.10.2011, 20:00
| #8 |
| /// Malware-holic | laptop arbeitet plötzlich mit extremen Verzögerungen deinstaliere Acer Bio Acer Crystal Acer GridVista Acer Product Acer ScreenSaver Acer VCM Apple alle Bejeweled Bonjour Driver Detective DVDVideoSoftTB Toolbar Easy Driver Free YouTube Free Audio ICQ Toolbar iTunes Launch Manager League of Legends nicht beschriftet, falls unnötig weg Messenger_Plus_Live_Germany Toolbar Microsoft Office alle falls unnötig Microsoft Silverlight Microsoft SQL MyWinLocker NTI beide Nuvoton O2Micro Orion nicht beschrifftet kann weg falls unnötig Pando QuickTime Safari Skype Toolbars TeamSpeak beide nicht beschriftet, falls unnötig weg TUGZip WIDCOMM Windows Live falls du kein live mail messenger etc nutzt alles weg. ZoneAlarm ist unnötig, die windows firewall ist ausreichend, spare dir den speicher für wichtigeres. ZoneAlarm Toolbar ebenfalls weg. wenn alles deinstaliert, reinige mit ccleaner, starte neu, berichte wie das gerät läuft.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.10.2011, 01:48
| #9 |
| | laptop arbeitet plötzlich mit extremen Verzögerungen Problem besteht leider weiterhin. Ausserdem krieg ich 1 optionales Windows update (intel driver update for intel wifi link 5100 agn)+ 1 wichtiges (internet explorer 7)nicht installiert....??? Mache gerade einen Vollständigen Scan mit Malware,ich kann im Taskmanager beobachtet ,wie der Status der Anwendung, zwischen "wird ausgeführt" und "keine rückmeldung" hin und her schwankt,während nach und nach die Zahl der durchsuchten Objekte steigt...:/ CC Cleaner sieht inzwischen so aus: Acer Arcade Deluxe CyberLink Corp. 15.05.2009 96,9MB 2.6.6413 Acer Backup Manager NewTech Infosystems 15.05.2009 201MB 1.0.1.58 Acer Crystal Eye Webcam Suyin Optronics Corp 15.05.2009 2,95MB 5.1.7.1 Acer eRecovery Management Acer Incorporated 15.05.2009 11,7MB 4.00.3006 Acer PowerSmart Manager Acer Incorporated 15.05.2009 7,32MB 4.01.3013 Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 17.10.2011 11.0.1.152 Adobe Flash Player 11 Plugin Adobe Systems Incorporated 17.10.2011 11.0.1.152 Adobe Reader X (10.1.1) - Deutsch Adobe Systems Incorporated 17.10.2011 116,7MB 10.1.1 AMD Catalyst Install Manager Advanced Micro Devices, Inc. 17.10.2011 16,8MB 3.0.842.0 Application Profiles Advanced Micro Devices, Inc. 15.10.2011 0,34MB 2.0.4292.33784 Avira Free Antivirus Avira 17.10.2011 152,9MB 12.0.0.855 CCleaner Piriform 17.10.2011 4,07MB 3.11 Citrix Presentation Server Client Citrix Systems, Inc. 14.12.2009 33,5MB 10.200.2650 Compatibility Pack für 2007 Office System Microsoft Corporation 14.09.2011 12.0.6425.1000 CPUCooL (remove only) 02.08.2011 2,69MB Curse Client Curse 04.07.2011 4.0.1.112 Free YouTube to MP3 Converter version 3.8 DVDVideoSoft Limited. 03.09.2010 3,44MB Intel® Matrix Storage Manager Intel Corporation 15.05.2009 46,9MB Java(TM) 6 Update 27 Oracle 17.10.2011 95,0MB 6.0.270 League of Legends Riot Games 29.05.2011 1.484MB 1.02.0000 Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 13.10.2011 6,76MB 1.51.2.1300 Messenger_Plus_Live_Germany Toolbar 18.06.2010 2,61MB Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 24.10.2009 37,0MB Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 23.10.2009 37,0MB Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.11.2010 120,3MB 4.0.30319 Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.11.2010 24,5MB 4.0.30319 Microsoft Office File Validation Add-In Microsoft Corporation 16.10.2011 7,92MB 14.0.5130.5003 Microsoft Office Home and Student 2007 Microsoft Corporation 23.10.2009 296MB 12.0.6425.1000 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Corporation 14.09.2011 12.0.6425.1000 Microsoft Office Suite Activation Assistant Microsoft Corporation 13.04.2009 8,37MB 2.9 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 13.04.2009 1,74MB 3.1.0000 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 23.10.2009 0,25MB 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 27.02.2010 0,33MB 8.0.59193 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 25.12.2009 0,19MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 19.05.2011 0,58MB 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 23.12.2009 0,58MB 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 16.05.2011 0,58MB 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 17.06.2011 0,58MB 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 17.10.2011 11,1MB 10.0.40219 Microsoft Works Microsoft Corporation 15.12.2010 9.7.0621 Mozilla Firefox 7.0.1 (x86 de) Mozilla 29.09.2011 39,6MB 7.0.1 MSXML 4.0 SP2 (KB954430) Microsoft Corporation 13.04.2009 1,29MB 4.20.9870.0 MSXML 4.0 SP2 (KB973688) Microsoft Corporation 25.11.2009 1,34MB 4.20.9876.0 PokerStars PokerStars 21.01.2011 83,0MB QuickTime Apple Inc. 05.02.2011 73,7MB 7.69.80.9 Realtek High Definition Audio Driver Realtek Semiconductor Corp. 15.05.2009 11,4MB 6.0.1.5847 Skype™ 5.3 Skype Technologies S.A. 06.07.2011 16,6MB 5.3.120 Synaptics Pointing Device Driver Synaptics Incorporated 15.05.2009 20,3MB 12.2.4.1 TeamSpeak 2 RC2 Dominating Bytes Design 10.11.2009 2.0.32.60 TeamSpeak 3 Client TeamSpeak Systems GmbH 21.03.2010 66,4MB Winamp Nullsoft, Inc 22.10.2009 35,2MB 5.56 Windows Live Anmelde-Assistent Microsoft Corporation 23.10.2009 1,93MB 5.000.818.6 Windows Live Essentials Microsoft Corporation 08.12.2010 136,6MB 14.0.8117.0416 Windows Live Sync Microsoft Corporation 08.12.2010 2,79MB 14.0.8117.416 Windows Live-Uploadtool Microsoft Corporation 13.04.2009 0,22MB 14.0.8014.1029 Windows Media Player Firefox Plugin Microsoft Corp 28.09.2011 0,29MB 1.0.0.8 WinRAR 4.01 (32-Bit) win.rar GmbH 15.10.2011 4,03MB 4.01.0 World of Warcraft Blizzard Entertainment 30.08.2011 33.733MB 4.2.2.14545 Xfire (remove only) 21.07.2011 18,3MB ZoneAlarm Check Point, Inc 26.09.2011 20,8MB 9.2.105.000 Geändert von Schicka (19.10.2011 um 02:30 Uhr) |
|
19.10.2011, 11:20
| #10 |
| /// Malware-holic | laptop arbeitet plötzlich mit extremen Verzögerungen hi, bei zonealarm sagte ich ja, runter! tritt das problem vllt seit dem upgrade auf avira 12 auf?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.10.2011, 18:26
| #11 |
| | laptop arbeitet plötzlich mit extremen Verzögerungen hey... Zonealarm ist deinstalliert(kriege jetzt allerdings eine windows Sicherheitshinweiss das ich keine firewall hätte) Auf Avira 12 habe ich gerade WEGEN den Problemen upgegraded. Letzer Malware Lauf: Malwarebytes' Anti-Malware 1.51.2.1300 Malwarebytes : Free anti-malware, anti-virus and spyware removal download Datenbank Version: 7972 Windows 6.0.6002 Service Pack 2 Internet Explorer 8.0.6001.19120 19.10.2011 13:15:28 mbam-log-2011-10-19 (13-15-28).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Durchsuchte Objekte: 304738 Laufzeit: 3 Stunde(n), 58 Minute(n), 5 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files\CPUCooL\instser.exe (Adware.Agent) -> Quarantined and deleted successfully. Letzter Avira Lauf: Langsam fang ich an zu glauben,dass es doch kein virus o.ä ist. Kann so etwas durch beschädigte Hardware o.ä auftreten? (wobei ich hier natürlich keine Änderungen vorgenommen habe) Ich weiss einfach nicht mehr woran das liegen könnte.So sauber war mein laptop noch nie. Ich spüre das es ein besimmtes Problem ist und kein allgemeines (Wie etwa eine zu bemüllte Festplatte) |
|
19.10.2011, 18:31
| #12 |
| | laptop arbeitet plötzlich mit extremen Verzögerungen ich bin unfähig ein beitrag zu löschen ! |
|
19.10.2011, 18:40
| #13 |
| /// Malware-holic | laptop arbeitet plötzlich mit extremen Verzögerungen hi, klicke mal auf das wartungs center, aktiviere die windows firewall. läuft das gerät im moment mit akku oder am strom?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.10.2011, 18:54
| #14 |
| | laptop arbeitet plötzlich mit extremen Verzögerungen "Das Sicherheitscenter konnte die Windows Firewall nicht einschalten" >manuell einschalten< Aber auch manuell krieg ich die Firewall nicht eingeschaltet. "Der Dienst Windows-Firewall konnte nicht gestartet werden" am strom,wie immer. hab vor kurzem ein neues Netzteil vom Hersteller bekommen,weil das alte kaputt gegangen ist. Ich habe bis jetzt auch keine Chipsatz Treiber aktuallisiert.. Geändert von Schicka (19.10.2011 um 19:07 Uhr) |
|
19.10.2011, 19:03
| #15 |
| /// Malware-holic | laptop arbeitet plötzlich mit extremen Verzögerungen klicke mal auf start, suchen tippe: dienste suche windows firewall, rechtsklick, eigenschaften, starttyp automatisch, neustart und gucken ob sie läuft.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu laptop arbeitet plötzlich mit extremen Verzögerungen |
| 32-bit, acer, acer aspire, alternate, antivir, arbeitet, autostart, beim spielen, bild, branding, c:\windows\system32\rundll32.exe, checkpoint, conduit, curse, deaktiviert, excel.exe, fehler, fps, fund, gelöscht, gen, hallo zusammen, hängen, igoogle, install.exe, internetseite, laden, langsamer, laptop, launch, locker, malware, microsoft office word, mywinlocker, nicht gefunden, office 2007, plug-in, plötzlich, richtlinie, security update, seite, seiten, spiele, spielen, treiber, version=1.0, vista, windows |
