Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 22.10.2012, 21:09   #1
Applenaut
 
Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Liebe Helferinnen und Helfer,

ich habe ein gravierendes Problem mit Windows Vista auf meinem HP-Laptop und allem, was da so dranhängt. Kurz gesagt: alle Anwendungen laufen extrem langsam (Firefox benötigt ca. fünf Minuten, bis überhaupt Eingaben möglich sind) oder gar nicht.

Ich entschuldige mich jetzt schonmal für eine nicht sachgerechte Sprache, da ich, wie Ihr bald merken werdet, ein ausgesprochener Computer-Laie bin.

Ich habe hier im Board schon Threads mit sehr ähnlichen Themen gelesen, aber da darauf hingwiesen wurde, dass die Problembehandlung individuell erfolgen muss und ich, wie gesagt, keine Ahnung habe, habe ich dieses Thema eröffnet. Entschuldigt bitte, wenn das nicht nötig war.

Zur Schilderung meines Problems:

Vor gut einer Woche hatte ich die Meldung von "Ad-Aware", dass ein "bedrohlicher Fund" (oder so ähnlich) aufgetaucht ist und aber behandelt wurde. Damit "alle Spuren dieses Fundes getilgt" werden können, sollte ich den Rechner neustarten. Nachdem ich das gemacht hatte, kam die Meldung erneut. Nachdem ich den Rechner wieder neugestartet hatte, wiederholte sich der Vorgang noch einmal, danach war Ruhe. Da mein Rechner im Moment nahezu nicht mehr reagiert, kann ich leider nicht im Bericht von Ad-Aware nachsehen, wie die Funde bezeichnet wurden. Sollte sich das ändern, werde ich die Bezeichnungen sofort nachtragen.

Letzten Samstag (vor drei Tagen) habe bei dem Versuch, einen Stream zu buffern versehentlich auf einen Download-Button geklickt, auf einer Seite wie "filehosting" oder etwas ähnlichem, ich weiß es leider nicht mehr. Noch bevor der Download abgeschlossen war, meldet "Avira" einen schädlichen Fund, woraufhin ich den Download sofort abgebrochen habe. Ich habe dann in Avira den Fund in die Quarantäne verschoben.

Heute (Montag) morgen habe ich den Rechner zum ersten Mal seit über einer Woche heruntergefahren (ich tue das sehr selten, normalerweise klappe ich ihn nur zu, wodurch er in einen Ruhezustand versetzt wird, glaube ich. Jedenfalls habe ich an den Werkseinstellungen bzgl. des Zuklappens keine Änderungen vorgenommen). Als ich den Rechner heute Nachmittag wieder hochfuhr, war das Problem da: Firefox ist extrem langsam, wenn ich den Avira-Suchlauf starte, braucht er zum Durchsuchen einzelner Dateien (!) unglaublich lange, sodass ich einen kompletten Suchlauf von C nicht habe durchführen können (bzw.: er läuft gerade). Der Taskmanager lässt sich nur noch sehr lansam öffnen, und es lassen sich bestimmte Anwendungen nicht mehr schließen.

Wenn der Taskmanager offen ist zeigt er an, dass die CPU-Auslastung zwischen 3 und 10 % liegt. Der seit dreieinhalb Stunden laufenden Avira-Scan von C hat bisher einen Fortschritt von 12 % gemacht und außer drei Warnungen, die ich aber nicht näher benennen kann, nichts gefunden.

Eine letzte Sache noch: In letzter Zeit habe ich mehrmals Updates von "Java" verweigert. Nachdem ich heute ein wenig gegoogelt hatte, habe ich gelesen, dass eine veraltete Java-Version die Geschwindigkeit beeinträchtigen kann. Daher habe ich die neuste Version von Java Runtime Environment heruntergladen (kein Update, wenn ich mich nicht irre), die ich auch noch installieren konnte, was allerdings sehr lange gedauert hat. Es gab aber keine Meldung, dass ich vorher die alte Version löschen solle bzw. dass sich Java bereits auf meinem Rechner befindet.

Vor einer halben Stunde habe ich versucht, Ad-Aware zu öffnen, um die Bezeichnungen der oben erwähnten Funde angeben zu können, es läd immer noch...

Bitte entschuldigt meine langwierigen Beschreibungen, aber ich habe keine Ahnung, was alles relevant sein könnte und weiß mir auch nicht mehr zu helfen.

Ich bedanke mich jetzt schon mal fürs Lesen und hoffe sehr, dass Ihr mir helfen könnt!

Mit besten Grüßen
der Applenaut

Geändert von Applenaut (22.10.2012 um 21:14 Uhr) Grund: Tippfehler; Dank fürs Lesen vergessen

Alt 23.10.2012, 07:59   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Hi,

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread




Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.
__________________

__________________

Alt 23.10.2012, 13:41   #3
Applenaut
 
Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Hi schrauber,

danke für die zügige Antwort!

Hier folgt der OTL logfile text:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.10.2012 15:07:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Henning\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,37% Memory free
9,93 Gb Paging File | 8,06 Gb Available in Paging File | 81,11% Paging File free
Paging file location(s): c:\pagefile.sys 6138 6138 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,72 Gb Total Space | 322,63 Gb Free Space | 71,11% Space Free | Partition Type: NTFS
Drive D: | 12,04 Gb Total Space | 1,93 Gb Free Space | 16,02% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Henning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.23 13:34:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Henning\Desktop\OTL.exe
PRC - [2012.08.08 18:37:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.24 21:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Henning\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.09 00:44:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 00:44:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.30 11:04:16 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.10.30 11:04:14 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.04 16:17:18 | 000,130,976 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookSvc.exe
PRC - [2011.08.04 16:17:06 | 000,169,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.02.09 20:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.02.09 20:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008.12.17 18:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
PRC - [2008.01.21 05:48:06 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\cmd.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 03:41:33 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:06:05 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 03:04:56 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 03:03:56 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.11 04:08:41 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.11 04:08:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 04:08:31 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012.05.11 04:08:31 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll
MOD - [2012.05.11 04:08:30 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012.05.11 04:08:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 04:01:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 04:00:24 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012.05.11 04:00:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 03:59:16 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.11 03:59:11 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 03:58:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009.04.11 09:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.04.11 05:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009.03.30 07:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 07:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 07:40:03 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 04:24:43 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 04:24:43 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.11.13 19:00:56 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.11.13 18:54:40 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.11.13 18:54:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.11.13 18:54:30 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.11.13 18:54:28 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.11.13 18:54:10 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.11.13 18:54:08 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.11.13 18:54:08 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.01.22 03:33:14 | 000,943,104 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009.01.13 18:18:40 | 000,089,088 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7af0d372\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009.01.08 14:07:56 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7af0d372\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008.03.18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corporation) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV - [2012.10.13 12:55:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 19:30:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 00:44:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.09 00:44:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.30 11:04:14 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.10.12 20:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.03.18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 15:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.03.30 07:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.09 20:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009.02.09 20:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008.12.17 18:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 14:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.09 00:44:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 00:44:42 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 16:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.18 15:25:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.01.08 18:59:26 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.27 05:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.10.01 03:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.01.22 04:00:54 | 005,105,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.01.20 17:49:48 | 000,195,584 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.01.08 14:07:56 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008.12.20 01:03:08 | 001,344,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008.12.05 14:06:10 | 000,131,424 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008.12.05 01:55:12 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.09.04 20:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008.05.28 18:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008.04.28 11:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008.03.27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008.03.27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008.01.21 05:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2008.01.21 05:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008.01.21 05:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007.08.28 18:04:20 | 000,067,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2007.06.18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006.10.04 04:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2011.10.16 23:04:22 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2008.11.28 19:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/19 03:14:08] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {A6F81920-5158-4A35-84DE-40CD9E14E289}
IE:64bit: - HKLM\..\SearchScopes\{187AE447-01FA-4A0F-885B-05E8E35EA45F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{A218D19F-15AC-45D0-9B59-77DA314883D0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{A6F81920-5158-4A35-84DE-40CD9E14E289}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{187AE447-01FA-4A0F-885B-05E8E35EA45F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{A218D19F-15AC-45D0-9B59-77DA314883D0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{A6F81920-5158-4A35-84DE-40CD9E14E289}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {A6F81920-5158-4A35-84DE-40CD9E14E289}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=112454&babsrc=SP_ss&mntrId=57dddefa00000000000000265e75a767
IE - HKCU\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=PV&apn_dtid=YYYYYYYYDE&apn_uid=5EEADEB4-0888-4455-849F-33A1FAEEA9B4&apn_sauid=75A40383-97B0-47B7-8EAE-A0D03CCA2B5E
IE - HKCU\..\SearchScopes\{187AE447-01FA-4A0F-885B-05E8E35EA45F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{A218D19F-15AC-45D0-9B59-77DA314883D0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{A6F81920-5158-4A35-84DE-40CD9E14E289}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 12:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 18:00:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 12:55:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 18:00:47 | 000,000,000 | ---D | M]
 
[2009.11.23 19:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henning\AppData\Roaming\mozilla\Extensions
[2012.09.22 00:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henning\AppData\Roaming\mozilla\Firefox\Profiles\gfmxnvt4.default-1347550859276\extensions
[2012.10.13 12:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.13 12:55:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.13 12:55:46 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2012.10.13 12:55:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.04.20 11:21:59 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.02.19 09:56:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.20 21:21:53 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.01 12:12:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.19 09:56:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.19 09:56:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.19 09:56:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.19 09:56:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Babylon Search
 
O1 HOSTS File: ([2006.09.19 00:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bcool Class) - {9B225492-5F47-4D9F-9595-5EE4844661E0} - C:\ProgramData\Bcool\bhoclass.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Henning\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.175.39.40 195.175.39.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{593EDDB9-8E18-4F8B-A9AB-1BE7117B4268}: DhcpNameServer = 195.175.39.40 195.175.39.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{593EDDB9-8E18-4F8B-A9AB-1BE7117B4268}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC08505C-9B7F-4AA0-82F9-8E13351B7E86}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Henning\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Henning\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ce7d3a1-5209-11e0-b173-00269e25cf5c}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce7d3a1-5209-11e0-b173-00269e25cf5c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{3edcb723-3fca-11df-8636-00269e25cf5c}\Shell - "" = AutoRun
O33 - MountPoints2\{3edcb723-3fca-11df-8636-00269e25cf5c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{72f47a95-1b40-11e0-8d5d-00269e25cf5c}\Shell - "" = AutoRun
O33 - MountPoints2\{72f47a95-1b40-11e0-8d5d-00269e25cf5c}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe - (McAfee, Inc.)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: CLMLServer for HP TouchSmart - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DVDAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: HP Health Check Scheduler - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig:64bit - StartUpReg: SDTray - hkey= - key= - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
MsConfig:64bit - StartUpReg: TSMAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: TVAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePDIRShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 15:01:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Henning\Desktop\OTL.exe
[2012.10.22 18:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.13 12:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.13 09:44:02 | 000,000,000 | ---D | C] -- C:\Users\Henning\Desktop\Texte
[2011.02.07 11:23:58 | 003,056,008 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\AskToolbarInstaller.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 14:57:15 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.10.23 14:57:14 | 000,000,318 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.10.23 14:57:14 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.10.23 14:56:51 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 14:56:44 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 14:56:44 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 14:56:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 14:56:20 | 4292,698,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.23 13:34:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Henning\Desktop\OTL.exe
[2012.10.22 22:27:29 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.22 21:38:10 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.22 15:58:05 | 519,207,538 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.22 06:52:11 | 001,452,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.22 06:52:11 | 000,631,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.22 06:52:11 | 000,598,334 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.22 06:52:11 | 000,127,948 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.22 06:52:11 | 000,105,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.22 00:03:07 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.10.22 00:03:07 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.10.17 07:05:42 | 000,020,480 | ---- | M] () -- C:\Users\Henning\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.25 21:00:39 | 000,058,136 | ---- | M] () -- C:\Users\Henning\Desktop\Stundenplan_geltend.zip
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.25 21:00:37 | 000,058,136 | ---- | C] () -- C:\Users\Henning\Desktop\Stundenplan_geltend.zip
[2012.08.14 01:51:43 | 000,000,935 | ---- | C] () -- C:\Windows\STA2.ini
[2012.08.08 11:51:50 | 013,017,920 | R--- | C] () -- C:\Users\Henning\globus - ende der moderne.flv
[2012.07.27 18:27:34 | 000,000,128 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.10.19 23:05:40 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.10.19 23:05:40 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.03.01 22:43:47 | 000,094,208 | RHS- | C] () -- C:\Users\Henning\AppData\Roaming\MSIMRTM.dll
[2011.02.07 11:23:59 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Files\WinPcapNmap.exe
[2010.12.14 22:37:16 | 000,000,680 | ---- | C] () -- C:\Users\Henning\AppData\Local\d3d9caps.dat
[2009.12.04 19:20:20 | 000,000,000 | ---- | C] () -- C:\Users\Henning\AppData\Roaming\AVSDVDPlayer.m3u
[2009.10.24 01:03:13 | 000,020,480 | ---- | C] () -- C:\Users\Henning\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 18:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 20:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 20:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 10:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 09:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 05:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.11.05 00:14:08 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Amazon
[2012.02.27 22:51:19 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Azureus
[2012.04.20 21:21:49 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Babylon
[2009.11.21 02:56:58 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\COWON
[2011.01.08 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\DAEMON Tools Lite
[2012.10.23 14:58:22 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Dropbox
[2010.04.20 11:23:41 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Foxit
[2012.02.28 08:43:07 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Media Finder
[2009.11.23 22:10:13 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\SMART Technologies
[2009.11.23 22:15:42 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\SMART Technologies Inc
[2012.05.16 00:20:42 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\uTorrent
[2011.10.06 21:33:29 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\VDownloader
[2011.10.24 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Zarb
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.11.12 01:22:49 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.11.25 01:42:02 | 000,000,000 | ---D | M] -- C:\5e5ff551d886e71b9cc90150dd0751
[2009.10.27 23:33:12 | 000,000,000 | -HSD | M] -- C:\boot
[2006.11.02 18:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.10.13 12:40:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.04.01 13:14:34 | 000,000,000 | -HSD | M] -- C:\found.000
[2009.10.13 12:42:35 | 000,000,000 | -H-D | M] -- C:\HP
[2009.02.23 10:04:40 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 06:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.02.07 11:24:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.15 06:53:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.09.11 14:11:40 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.10.13 12:40:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.10.13 12:43:07 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012.10.23 15:10:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.13 12:43:07 | 000,000,000 | -H-D | M] -- C:\System.sav
[2012.04.20 20:07:57 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.13 19:46:49 | 000,000,000 | ---D | M] -- C:\VundoFix Backups
[2012.10.22 15:58:05 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
[2012.10.22 17:59:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{26A24AE4-039D-4CA4-87B4-2F83217009FF}
 
< %localappdata%\*. /5 >
[2012.10.23 15:07:15 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Local\Temp

< End of report >
         
--- --- ---


Der extra-report ist ähnlich lang. Ich nehme an, das verheißt nix gutes...OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 23.10.2012 15:07:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Henning\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,49 Gb Available Physical Memory | 62,37% Memory free
9,93 Gb Paging File | 8,06 Gb Available in Paging File | 81,11% Paging File free
Paging file location(s): c:\pagefile.sys 6138 6138 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,72 Gb Total Space | 322,63 Gb Free Space | 71,11% Space Free | Partition Type: NTFS
Drive D: | 12,04 Gb Total Space | 1,93 Gb Free Space | 16,02% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Henning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]
"VistaSp2" = CA 88 9D 7F 44 57 CA 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{096DF986-6EC7-4275-B2A9-24FC4039F44F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{52AA0F46-15BD-4652-B0B0-69FB3DD1ECED}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{64DAD9AC-AEF3-4CA6-9D4E-07F2C30F0402}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7CE4819F-01C7-4F2D-AC3E-9AF4321DEF0A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8336FE5C-AD5E-410A-8900-760EB5266077}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{AB772FED-B143-4E0F-AC46-7B5C2DD3E4E6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C19722C2-F3FC-4A98-BD97-727BF6E30BD4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CEC5226D-126F-4CD0-909F-6AF98C3C1D69}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E1264620-9649-49D6-AF7C-8C972E2A422E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{E822F8E3-A62A-4A69-81BE-41789EB2FADB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{F718EF0B-7E85-4314-904D-FAE1912CAD80}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FD3AC4BC-33E5-42B8-B75D-85BCF2643C3B}" = lport=12001 | protocol=17 | dir=in | name=smart webserver handshake multicast port | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035BFAA5-AEE4-481F-AC75-2F94E39F9AE7}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{1608424B-EDD8-42D8-89F1-E9F111E39DD5}" = protocol=17 | dir=in | app=c:\users\henning\appdata\roaming\dropbox\bin\dropbox.exe | 
"{16CE20C8-612C-4FC1-9B38-5054494EF900}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{17136A70-F646-4D0C-9FDA-1EAAAE09D2E8}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{174D769C-3390-4F57-B0E7-07DF09BD2A37}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{240B0E37-6D5F-407E-9A22-D1489314D1A7}" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{25FD0C7A-ECBC-4303-BC2D-EC11C8CD83D9}" = dir=in | app=c:\program files (x86)\msn messenger\livecall.exe | 
"{2F05BFCD-E8DE-4578-8032-9566C141A078}" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"{33D8C0D2-6C45-41CF-83BB-6273F9B529C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C34968C-9B4C-40C9-935C-6A6F464C47A5}" = protocol=6 | dir=in | app=c:\users\henning\appdata\roaming\dropbox\bin\dropbox.exe | 
"{3DB33ACB-29DB-4DCA-9FE1-C9C7A71CD6C1}" = protocol=17 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{47B95E8B-8E1E-474E-A7F4-EE2956DEC6F6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{51190B17-5022-4136-80F3-145D54F04E23}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{543941EB-34FA-4761-A4F2-65F28DB297B5}" = protocol=17 | dir=in | app=c:\program files (x86)\smart technologies\smart board drivers\webserver.exe | 
"{54519110-8213-430C-92BE-AEC4638D4512}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{55AB9887-DFAE-426E-908A-48F204CC9679}" = protocol=6 | dir=out | app=system | 
"{56A223AF-D9A3-4AE0-A25E-115E708D68A8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{58DE8205-8C44-499B-8605-2F78AD597F8D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qp.exe | 
"{5CAE50FD-DBC4-4668-9859-351C2B4E9734}" = protocol=6 | dir=in | app=c:\program files (x86)\vuze\azureus.exe | 
"{6306FFF0-9C36-4813-ADFB-4F705964049E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{642955AB-3974-450D-9274-E1503B7A0D4E}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe | 
"{6990BB38-B6AD-4FFC-9DD4-7BCED928D43C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6DAD6F76-2835-41A8-8944-E4E25ECBCB35}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{6DDAC810-DAF0-49EC-BE7F-7E89D179A92C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6DEF6E17-8E6A-4AF4-8F67-B5E524C3C27F}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{768ECFFB-29DB-4E38-8FB5-78C0526D1ECF}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8122680E-506C-4C05-B39F-B0B06A764E63}" = dir=in | app=c:\program files (x86)\msn messenger\msnmsgr.exe | 
"{874F811B-0F0B-4C66-9950-CD5248ECCEAD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{87D222E4-4C9A-42ED-9063-C29DC6E7C51F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9603D8F2-08B5-427B-A591-E570FDA453E9}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe | 
"{9A06A770-7ED5-405A-87A1-6BE26C9D504F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{A46C5A06-5895-487E-8174-5F8BE4344CA7}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{A8AC131C-D240-464B-A893-885A44C1F7AE}" = protocol=6 | dir=in | app=c:\program files (x86)\smart technologies\smart board drivers\webserver.exe | 
"{B25AA2FF-F5B3-487B-BA93-E6FF21D957F4}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{BED28DBA-3074-4703-B05F-1AB597788239}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{BFC1E822-5E58-4C58-A3E9-E718038B6F5D}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe | 
"{C34F56B3-03D3-4985-85CC-9FF54C730243}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe | 
"{CAE48953-7295-4500-A839-C0DCF36CD0A0}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe | 
"{CFA997FB-9A56-4D84-85FE-BB18F4D6578A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D3F46604-CB88-4595-90BD-310DABCC99FF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D6308BF2-8FB3-439E-A5C4-0335CA6D9D9C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{D9E6AFEA-0067-4830-8AB1-F9A916C724E7}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{E1FE9AB6-0095-4E97-BF40-88CA340B1379}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E579456D-90A2-438C-8531-E1A730DCE19B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F549354E-BA0B-48D6-BA6B-935E362B1043}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F87DA770-CCB4-4E47-8A5F-84E814A84E80}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{FB8D580F-5E34-4170-A5EA-EDE3CF56102F}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\tv\qpservice.exe | 
"TCP Query User{068E7B70-7B17-4088-9761-1BF12F9BD29E}C:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe | 
"TCP Query User{12B0E094-E8AC-43A6-B3DC-23B9069308DF}C:\users\henning\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\henning\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{2414D8C5-BF94-4D4C-AC67-F4D57D84C60C}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{337593AC-2966-4DDA-A3C1-CA383D2E1D5B}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{43CFCD3F-B259-47CC-9DFF-294B03A46C1B}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{7191BA3E-EFBA-46E6-987C-C71E38C40251}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{7CDF6832-911B-4898-8A5D-3EEF013EB172}C:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe" = protocol=6 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe | 
"TCP Query User{9179C44A-36D1-4726-B46A-DAF9A3783EFA}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"TCP Query User{B5A6F289-C5C6-4EE1-86F7-9B089D875B9D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{F8D007EC-752D-47EE-AA31-B0A134BE429B}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{FE62C626-A3F2-44A0-B5D9-7958E0C5F2C7}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{01F990E0-0799-4AAE-9ED7-BAB5D25DE4F2}C:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe | 
"UDP Query User{15A50A2D-372E-488F-969C-D97B7524DC07}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{2F8346AD-1057-444D-AB8E-0142F7AAA14F}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{73FCFF3D-AFDA-41AC-A4F1-1A63793A174D}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"UDP Query User{AA8752FC-66CA-48A3-9A2A-2982B57394AD}C:\program files (x86)\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\chrome\application\chrome.exe | 
"UDP Query User{B78EA506-FF5F-4056-829F-B724D63D956A}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{BB36E685-A73E-43C9-BEC6-DEC21E6BA8AC}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{D1E69A08-8123-4E20-9B7F-BA070F525865}C:\program files (x86)\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\firefox.exe | 
"UDP Query User{DD92AE28-1888-47B9-AC5D-7375B16BD881}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{EFA449E2-E10A-4429-95F7-E70BCE2A30F8}C:\users\henning\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\henning\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{F6F58797-E1B1-4AE1-A0AE-7C03D7661AB9}C:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe" = protocol=17 | dir=in | app=c:\program files (x86)\konami\pro evolution soccer 2011\pes2011.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{069B8328-5DB5-4B25-8A7C-FDCD0F0FFAFC}" = ATI Catalyst Install Manager
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{191C1158-D287-4074-B749-D4CDD321E062}" = ProtectSmart Hard Drive Protection
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6C779495-F38F-F698-DA1D-87589E0ED10B}" = ccc-utility64
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CB49AE77-9D9D-4B79-AAC4-416F68EE66FF}" = Zarb 4.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F1568AA6-5982-4AFB-A871-C68E4328BC3B}" = HP MediaSmart SmartMenu
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"07B260955637F1FF7587ED2AA87459040DD09BF7" = Windows-Treiberpaket - ENE (enecir) HIDClass  (09/04/2008 2.6.0.0)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0054A0F6-00C9-4498-B821-B5C9578F433E}" = HP Help and Support
"{018A980E-99CC-E6E1-1103-460538A91B39}" = CCC Help Dutch
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{04758F02-79E9-A64D-6C95-65EF84E435EA}" = ccc-core-static
"{0C1EBF39-FB4C-106D-56C6-91F926F5E283}" = Catalyst Control Center Graphics Light
"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1
"{0F2C3198-6FA0-78E7-48CF-82F766D0AD60}" = Catalyst Control Center Core Implementation
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{13A5E785-5197-4EAD-8EE3-D660271E49BC}" = Feedback Tool
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{154A4184-1A3D-4BF9-A5AE-4FA1660445F3}" = HP Total Care Advisor
"{187817E2-6407-461C-B59B-56CE73363D34}" = Catalyst Control Center - Branding
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E8FDA17-C7AB-4610-1F54-B5A6695E8B6F}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20E7BC40-33F6-4A81-9D52-B58349326206}" = Bcool
"{24EE4523-711A-4BD1-95EA-F73A8A6950D3}" = Audials TV
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{2FD8E82F-55A4-358A-D74A-DA017F011200}" = Catalyst Control Center Graphics Previews Vista
"{31D94F0F-3602-4789-B6C9-BE2DEADAAC9B}" = Entrance Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 L1
"{34FB8E02-74B4-8018-A2D3-ADB69E06A24A}" = Catalyst Control Center Graphics Previews Common
"{367BC374-0115-EEF1-8471-6EC87AF0D8C3}" = CCC Help Norwegian
"{37BD3ECA-C926-8CF1-4FFF-BC473CF892E1}" = Catalyst Control Center Graphics Full Existing
"{37D31156-0666-0A8B-1313-6120E0FA40D0}" = CCC Help Italian
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FA73E2A-50B6-DCAE-0BDD-FAA128934EE8}" = Catalyst Control Center Graphics Full New
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{478FAEA5-00EB-F676-89C1-3822B94B09A7}" = CCC Help Japanese
"{490951ED-21E8-0B65-0BF5-32F1A3242F28}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57A5AEC1-97FC-474D-92C4-908FCC2253D4}" = HP Customer Experience Enhancements
"{5BAB951D-956E-4D20-CCD5-10BB8E1D4AF0}" = CCC Help Czech
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{632240E4-0BC9-704E-D71F-4C5D396D2CCF}" = CCC Help Chinese Standard
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6ABE0E28-3A8E-4ADC-A050-784064B76236}" = HP User Guides 0134
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{732A3F80-008B-4350-BD58-EC5AE98707B8}" = HP Common Access Service Library
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78605EFA-1076-A2B3-AA59-526536BA93E3}" = CCC Help Polish
"{79CB708A-AD4F-A11B-4CA0-713A152C1705}" = CCC Help Portuguese
"{7A9531EF-11A2-D53C-FCB9-8DFCCAD7F2B7}" = CCC Help Spanish
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90EB79E8-6A0F-1660-86C2-9E36A8B01D4A}" = CCC Help Korean
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95A747E0-DF19-46CB-A622-20A0107201BD}" = HP Total Care Setup
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1D37D8A-876C-5A1E-AC00-454D0C024C9B}" = Skins
"{A3AB35FA-943E-4799-99DC-46EFD59E998F}" = AMD USB Audio Driver Filter
"{A7E19604-93AF-4611-8C9F-CE509C2B286E}_is1" = VDownloader 3.0.752
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2AD681E-6741-AB24-90BC-51B2326F8680}" = CCC Help Russian
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BA3733E3-CABE-EA21-F351-69BCFC30CF88}" = CCC Help Hungarian
"{BEA37EFA-5807-4596-B59B-5C89085E33FD}" = Audials
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D0379E71-7CB9-893E-1A20-9581E10999EC}" = Catalyst Control Center InstallProxy
"{D2F31CF3-F83D-6863-4F8A-C8502802E0DD}" = CCC Help Thai
"{D3887E31-A821-9D46-48B2-240E0613EB12}" = CCC Help Chinese Traditional
"{DB5B22F8-D4C2-A320-5151-B3D4CFEF733C}" = CCC Help German
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DD35C328-F115-BEDA-6EEE-E00C5AACCCBC}" = muvee Reveal
"{DD74F03D-8DDC-E124-C971-C3217832EE19}" = CCC Help Turkish
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic
"{E1060959-A299-9D88-60EC-187A55809145}" = CCC Help Swedish
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E551D855-4EE6-852E-5AB8-E9AE95F73B37}" = CCC Help French
"{E5E29403-3D25-40C6-892B-F9FEE2A95585}" = HP Wireless Assistant
"{E6B042BC-3F10-609E-CDC1-2DE2AEB2552F}" = CCC Help Greek
"{EE656C90-7D67-ECAA-B2E4-F4A768CDA1D0}" = CCC Help Finnish
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFB7727F-76AF-43B0-E9AC-3F89181A188B}" = Catalyst Control Center Localization All
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F581DF68-CAE9-4064-A6CD-705D95D1C756}" = Notebook Software
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"8461-7759-5462-8226" = Vuze
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Activision_StarTrekArmadaUninstallKey" = Star Trek: Armada
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVS DVD Player_is1" = AVS DVD Player version 2.4
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 3.10
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"Foxit Reader" = Foxit Reader
"GOM Player" = GOM Player
"Google Chrome" = Google Chrome
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"iLivid" = iLivid
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"McAfee Security Scan" = McAfee Security Scan Plus
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Peggle Deluxe1.0" = Peggle Deluxe
"PhotoStitch" = Canon Utilities PhotoStitch
"Picasa 3" = Picasa 3
"Picture Style Editor" = Canon Utilities Picture Style Editor
"SopCast" = SopCast 3.4.7
"Star Trek Armada II" = Star Trek Armada II
"The Rosetta Stone" = The Rosetta Stone
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV 0.9.18
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"WildTangent hp Master Uninstall" = My HP Games
"WinPcapInst" = WinPcap 4.1.1
"WinRAR archiver" = WinRAR
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Mozilla Firefox 16.0.1 (x86 de)" = Mozilla Firefox 16.0.1 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.10.2012 11:52:39 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SDImmunize.exe, Version 2.0.9.130, Zeitstempel
 0x4ff41d9a, fehlerhaftes Modul snlBase150.bpl, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e39f, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0xcb4, 
Anwendungsstartzeit 01cdabb63c7ab451.
 
Error - 16.10.2012 11:56:26 | Computer Name = PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
 konnte nicht gefunden werden.   bei System.IO.__Error.WinIOError(Int32 errorCode,
 String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode mode,
 FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
 FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)

   bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
 FileShare share, Int32 bufferSize)     bei System.Xml.XmlDownloadManager.GetStream(Uri
 uri, ICredentials credentials)     bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
 String role, Type ofObjectToReturn)     bei System.Xml.XmlReader.Create(String inputUri,
 XmlReaderSettings settings, XmlParserContext inputContext)     bei System.Xml.Schema.XmlSchemaSet.Add(String
 targetNamespace, String schemaUri)     bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
 path) ValidateDocument failed Business\SearchTargets.xml
 
Error - 16.10.2012 12:10:08 | Computer Name = PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 16.10.2012 12:11:37 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SDUpdSvc.exe, Version 2.0.9.76, Zeitstempel 
0x4ff41d92, fehlerhaftes Modul snlBase150.bpl, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e39f, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0xa54, 
Anwendungsstartzeit 01cdabb8eb0dcc35.
 
Error - 16.10.2012 12:11:50 | Computer Name = PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.10.2012 12:12:06 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SDUpdate.exe, Version 2.0.9.87, Zeitstempel 
0x4ff41dbe, fehlerhaftes Modul snlBase150.bpl, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e39f, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0xd70, 
Anwendungsstartzeit 01cdabb8f6cc34d5.
 
Error - 16.10.2012 12:12:06 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SDImmunize.exe, Version 2.0.9.130, Zeitstempel
 0x4ff41d9a, fehlerhaftes Modul snlBase150.bpl, Version 6.0.6002.18541, Zeitstempel
 0x4ec3e39f, Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0xd40, 
Anwendungsstartzeit 01cdabb8f61e7075.
 
Error - 16.10.2012 12:12:06 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung SDScan.exe, Version 2.0.9.172, Zeitstempel 0x4ff41dad,
 fehlerhaftes Modul snlBase150.bpl, Version 6.0.6002.18541, Zeitstempel 0x4ec3e39f,
 Ausnahmecode 0xc0000135, Fehleroffset 0x0006f52f,  Prozess-ID 0xd7c, Anwendungsstartzeit
 01cdabb8f758a5f5.
 
Error - 16.10.2012 12:15:03 | Computer Name = PC | Source = HP AdvisorUpdate | ID = 0
Description = Ein Teil des Pfades "C:\_pack6\hp-advisor\src\HPAdvisor\Shared\Content\xsd\HPAdvisor.xsd"
 konnte nicht gefunden werden.   bei System.IO.__Error.WinIOError(Int32 errorCode,
 String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode mode,
 FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32 bufferSize,
 FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)

   bei System.IO.FileStream..ctor(String path, FileMode mode, FileAccess access,
 FileShare share, Int32 bufferSize)     bei System.Xml.XmlDownloadManager.GetStream(Uri
 uri, ICredentials credentials)     bei System.Xml.XmlUrlResolver.GetEntity(Uri absoluteUri,
 String role, Type ofObjectToReturn)     bei System.Xml.XmlReader.Create(String inputUri,
 XmlReaderSettings settings, XmlParserContext inputContext)     bei System.Xml.Schema.XmlSchemaSet.Add(String
 targetNamespace, String schemaUri)     bei HPAdvisor.Common.Content.CategoryCollection.ValidateDocument(String
 path) ValidateDocument failed Business\SearchTargets.xml
 
Error - 21.10.2012 17:03:23 | Computer Name = PC | Source = Lavasoft Ad-Aware Service | ID = 0
Description = 
 
 
Error encountered while reading event logs.
 
< End of report >
         
--- --- ---
__________________

Alt 23.10.2012, 14:10   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Hi,

die sind immer so lang

Bitte mal deinstallieren:

Spybot
Ad-Aware
java 6 Update 31
Vuze
McAfee Security Scan
Vuze Remote Toolbar
uTorrent




Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Suche.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Löschen.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.


Und ein frisches OTL logfile.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.10.2012, 14:33   #5
Applenaut
 
Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Hi,

ok, mache ich. Im Moment läuft noch der AVAST!-Scan. Das kann wohl auch noch länger dauern, oder?

Kann ich den adwCleaner parallel laufen lassen?

Danke und Gruß
A


Alt 23.10.2012, 14:37   #6
schrauber
/// the machine
/// TB-Ausbilder
 

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



nope, eins nach dem andern
__________________
--> Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen

Alt 23.10.2012, 16:54   #7
Applenaut
 
Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Hi,

hier der AVAST!-Scan:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-23 16:00:05
-----------------------------
16:00:05.818 OS Version: Windows x64 6.0.6002 Service Pack 2
16:00:05.818 Number of processors: 2 586 0x301
16:00:05.819 ComputerName: PC UserName:
16:00:35.189 Initialize success
16:03:31.522 AVAST engine defs: 12102300
16:03:43.323 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:03:43.327 Disk 0 Vendor: ST9500325AS 0005HPM1 Size: 476940MB BusType: 3
16:03:43.360 Disk 0 MBR read successfully
16:03:43.364 Disk 0 MBR scan
16:03:43.377 Disk 0 unknown MBR code
16:03:43.404 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 464612 MB offset 2048
16:03:43.445 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12324 MB offset 951527424
16:03:43.496 Disk 0 scanning C:\Windows\system32\drivers
16:04:28.696 Service scanning
16:06:18.252 Modules scanning
16:06:18.268 Disk 0 trace - called modules:
16:06:18.309 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys >>UNKNOWN [0xfffffa8004ab72c0]<<spys.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
16:06:18.318 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005049300]
16:06:18.330 3 CLASSPNP.SYS[fffffa6000778c33] -> nt!IofCallDriver -> [0xfffffa8005044600]
16:06:18.341 5 hpdskflt.sys[fffffa6001bf40ee] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004e45060]
16:06:18.353 \Driver\atapi[0xfffffa8004c1e060] -> IRP_MJ_CREATE -> 0xfffffa8004ab72c0
16:06:25.388 AVAST engine scan C:\Windows
16:06:34.293 AVAST engine scan C:\Windows\system32
16:13:42.473 AVAST engine scan C:\Windows\system32\drivers
16:14:14.899 AVAST engine scan C:\Users\Henning
16:28:07.162 File: C:\Users\Henning\AppData\Local\Temp\Addons\C67C06F2\bcool_extension.exe **INFECTED** Win32:BHO-AFE [Adw]
16:32:34.319 File: C:\Users\Henning\AppData\Roaming\MSIMRTM.dll **INFECTED** Win32:MalOb-EI [Cryp]
16:51:11.320 AVAST engine scan C:\ProgramData
17:01:52.083 Scan finished successfully
18:49:16.210 Disk 0 MBR has been saved successfully to "C:\Users\Henning\Desktop\MBR.dat"
18:49:16.221 The log file has been saved successfully to "C:\Users\Henning\Desktop\aswMBR.txt"

Das adw-Suchprotokoll:

# AdwCleaner v2.005 - Datei am 23/10/2012 um 18:58:03 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Henning - PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Henning\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Uninstall.exe
Datei Gefunden : C:\Users\Henning\AppData\Local\Temp\Searchqu.ini
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\Ilivid
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\InstallMate
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Ordner Gefunden : C:\ProgramData\Premium
Ordner Gefunden : C:\Users\Administrator\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Administrator\AppData\LocalLow\Vuze_Remote
Ordner Gefunden : C:\Users\Henning\AppData\Local\Babylon
Ordner Gefunden : C:\Users\Henning\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Henning\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\Henning\AppData\Local\Temp\AskSearch
Ordner Gefunden : C:\Users\Henning\AppData\Local\Temp\BabylonToolbar
Ordner Gefunden : C:\Users\Henning\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Henning\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Henning\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\Henning\AppData\Roaming\Media Finder
Ordner Gefunden : C:\Users\Henning\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\ilivid
Schlüssel Gefunden : HKCU\Software\MediaFinder
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\MF
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\ilivid
Schlüssel Gefunden : HKLM\Software\VDownloader\OpenCandy
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden : HKU\S-1-5-21-905208706-1153048906-3515926920-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-905208706-1153048906-3515926920-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112454&babsrc=HP_ss&mntrId=57dddefa00000000000000265e75a767

-\\ Mozilla Firefox v15.0 (de)

Profilname : default-1347550859276 [Profil par défaut]
Datei : C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\gfmxnvt4.default-1347550859276\prefs.js

[OK] Die Datei ist sauber.

Profilname : JonDoFox
Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Henning\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.63] : homepage = "hxxp://search.babylon.com/?affID=112454&babsrc=HP_ss&mntrId=57dddefa00000000000000265e75a767",

*************************

AdwCleaner[R1].txt - [7184 octets] - [23/10/2012 18:58:03]

########## EOF - C:\AdwCleaner[R1].txt - [7244 octets] ##########

Das adw-Löschprotokoll:

# AdwCleaner v2.005 - Datei am 23/10/2012 um 19:03:27 erstellt
# Aktualisiert am 14/10/2012 von Xplode
# Betriebssystem : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Benutzer : Henning - PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Henning\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\Uninstall.exe
Datei Gelöscht : C:\Users\Henning\AppData\Local\Temp\Searchqu.ini
Gelöscht mit Neustart : C:\Program Files (x86)\Conduit
Gelöscht mit Neustart : C:\Program Files (x86)\Ilivid
Gelöscht mit Neustart : C:\ProgramData\Babylon
Gelöscht mit Neustart : C:\ProgramData\InstallMate
Gelöscht mit Neustart : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ilivid
Gelöscht mit Neustart : C:\ProgramData\Premium
Gelöscht mit Neustart : C:\Users\Administrator\AppData\LocalLow\PriceGong
Gelöscht mit Neustart : C:\Users\Administrator\AppData\LocalLow\Vuze_Remote
Gelöscht mit Neustart : C:\Users\Henning\AppData\Local\Babylon
Gelöscht mit Neustart : C:\Users\Henning\AppData\Local\Conduit
Gelöscht mit Neustart : C:\Users\Henning\AppData\Local\Ilivid Player
Gelöscht mit Neustart : C:\Users\Henning\AppData\Local\Temp\AskSearch
Gelöscht mit Neustart : C:\Users\Henning\AppData\Local\Temp\BabylonToolbar
Gelöscht mit Neustart : C:\Users\Henning\AppData\LocalLow\Conduit
Gelöscht mit Neustart : C:\Users\Henning\AppData\LocalLow\PriceGong
Gelöscht mit Neustart : C:\Users\Henning\AppData\Roaming\Babylon
Gelöscht mit Neustart : C:\Users\Henning\AppData\Roaming\Media Finder
Gelöscht mit Neustart : C:\Users\Henning\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ilivid
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\ilivid
Schlüssel Gelöscht : HKLM\Software\VDownloader\OpenCandy
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=112454&babsrc=HP_ss&mntrId=57dddefa00000000000000265e75a767 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (de)

Profilname : default-1347550859276 [Profil par défaut]
Datei : C:\Users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\gfmxnvt4.default-1347550859276\prefs.js

[OK] Die Datei ist sauber.

Profilname : JonDoFox
Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\JonDoFox\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Henning\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.63] : homepage = "hxxp://search.babylon.com/?affID=112454&babsrc=HP_ss&mntrId=57dddefa00000000000000265e75a767",

*************************

AdwCleaner[R1].txt - [7297 octets] - [23/10/2012 18:58:03]
AdwCleaner[S1].txt - [6858 octets] - [23/10/2012 19:03:27]

########## EOF - C:\AdwCleaner[S1].txt - [6918 octets] ##########



Der neue OTL LOgfile wird grad erstellt...

Alt 23.10.2012, 17:24   #8
schrauber
/// the machine
/// TB-Ausbilder
 

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Alles klar
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.10.2012, 17:38   #9
Applenaut
 
Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Und hier das neue otl-logfile:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.10.2012 19:12:10 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Henning\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,88% Memory free
9,87 Gb Paging File | 7,80 Gb Available in Paging File | 79,01% Paging File free
Paging file location(s): c:\pagefile.sys 6138 6138 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Fi-les (x86)
Drive C: | 453,72 Gb Total Space | 320,04 Gb Free Space | 70,54% Space Free | Partition Ty-pe: NTFS
Drive D: | 12,04 Gb Total Space | 1,93 Gb Free Space | 16,02% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Henning | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.23 13:34:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Henning\Desktop\OTL.exe
PRC - [2012.08.08 18:37:35 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.24 21:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Henning\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.09 00:44:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 00:44:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.09.13 16:56:02 | 000,168,960 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2009.04.11 09:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\conime.exe
PRC - [2009.02.09 20:14:02 | 000,296,320 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
PRC - [2009.02.09 20:14:02 | 000,116,096 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
PRC - [2008.12.17 18:11:40 | 000,365,952 | ---- | M] () -- C:\Program Files (x86)\SMINST\BLService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 03:41:33 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.14 03:06:05 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.14 03:04:56 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.14 03:03:56 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.05.11 04:08:41 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.11 04:08:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.11 04:08:31 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.ni.dll
MOD - [2012.05.11 04:08:31 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\4b5eaa70d2900b98ccf6fd9915f34d69\System.EnterpriseServices.Wrapper.dll
MOD - [2012.05.11 04:08:30 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\b6d83a652c94b32fc8f99a6df0acd7f4\System.Transactions.ni.dll
MOD - [2012.05.11 04:08:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.11 04:01:25 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.11 04:00:24 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\bfdd10e0a0aacf46bac557ffc5d55ba5\System.Data.ni.dll
MOD - [2012.05.11 04:00:08 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 03:59:16 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.11 03:59:11 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.11 03:58:58 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009.04.11 09:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
MOD - [2009.04.11 05:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009.03.30 07:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 07:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 07:40:03 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.02.25 04:24:43 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 04:24:43 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.11.13 19:00:56 | 000,032,768 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.11.13 18:54:40 | 000,007,168 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.11.13 18:54:38 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.11.13 18:54:30 | 000,118,784 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.11.13 18:54:28 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.11.13 18:54:10 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.11.13 18:54:08 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.11.13 18:54:08 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.01.22 03:33:14 | 000,943,104 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
SRV:64bit: - [2009.01.13 18:18:40 | 000,089,088 | ---- | M] (Andrea Electronics Corpo-ration) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7af0d372\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2009.01.08 14:07:56 | 000,279,040 | ---- | M] (IDT, Inc.) [Auto | Run-ning] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_7af0d372\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008.03.18 17:25:40 | 000,023,040 | ---- | M] (Hewlett-Packard Corpora-tion) [Auto | Running] -- C:\Windows\SysNative\Hpservice.exe -- (hpsrv)
SRV - [2012.10.13 12:55:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.09 19:30:23 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (Ado-beFlashPlayerUpdateSvc)
SRV - [2012.07.13 14:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.09 00:44:41 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVir-Service)
SRV - [2012.05.09 00:44:41 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVir-SchedulerService)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (Adobe-ARMservice)
SRV - [2010.10.12 20:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (Ga-mesAppService)
SRV - [2010.03.18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stop-ped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.30 07:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.09 20:14:02 | 000,296,320 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe -- (TVCapSvc)
SRV - [2009.02.09 20:14:02 | 000,116,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe -- (TVSched)
SRV - [2008.12.17 18:11:40 | 000,365,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\SMINST\BLService.exe -- (Recovery Service for Windows)
SRV - [2008.02.03 14:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.09 00:44:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.09 00:44:42 | 000,098,848 | ---- | M] (Avira GmbH) [Fi-le_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.02.29 16:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.01.08 18:59:26 | 000,834,544 | ---- | M] () [Kernel | Boot | Run-ning] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.01.27 05:09:02 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:64bit: - [2009.10.01 03:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009.01.22 04:00:54 | 005,105,664 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.01.20 17:49:48 | 000,195,584 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2009.01.08 14:07:56 | 000,469,504 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008.12.20 01:03:08 | 001,344,000 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\athrx.sys -- (athr)
DRV:64bit: - [2008.12.05 14:06:10 | 000,131,424 | ---- | M] (JMicron Technology Cor-poration) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\jmcr.sys -- (JMCR)
DRV:64bit: - [2008.12.05 01:55:12 | 000,261,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.09.04 20:48:00 | 000,064,000 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\enecir.sys -- (enecir)
DRV:64bit: - [2008.05.28 18:54:18 | 000,026,168 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2008.04.28 11:25:06 | 000,016,400 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008.03.27 13:10:56 | 000,026,984 | ---- | M] (Hewlett-Packard Corpora-tion) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2008.03.27 13:10:14 | 000,040,296 | ---- | M] (Hewlett-Packard Corpora-tion) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2008.01.21 05:47:27 | 000,903,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xnacc.sys -- (xnacc)
DRV:64bit: - [2008.01.21 05:46:57 | 003,154,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw3v64.sys -- (NETw3v64)
DRV:64bit: - [2008.01.21 05:46:55 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2007.08.28 18:04:20 | 000,067,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\xusb21.sys -- (xusb21)
DRV:64bit: - [2007.06.18 18:13:12 | 000,018,432 | ---- | M] (Hewlett-Packard Deve-lopment Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2006.10.04 04:45:36 | 000,273,408 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV - [2008.11.28 19:04:24 | 000,146,928 | ---- | M] (CyberLink Corp.) [2009/07/19 03:14:08] [Kernel | Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{187AE447-01FA-4A0F-885B-05E8E35EA45F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{A218D19F-15AC-45D0-9B59-77DA314883D0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE:64bit: - HKLM\..\SearchScopes\{A6F81920-5158-4A35-84DE-40CD9E14E289}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{187AE447-01FA-4A0F-885B-05E8E35EA45F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{A218D19F-15AC-45D0-9B59-77DA314883D0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{A6F81920-5158-4A35-84DE-40CD9E14E289}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{187AE447-01FA-4A0F-885B-05E8E35EA45F}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{A218D19F-15AC-45D0-9B59-77DA314883D0}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{A6F81920-5158-4A35-84DE-40CD9E14E289}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Ga-mes\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 12:55:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 18:00:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.13 12:55:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.22 18:00:47 | 000,000,000 | ---D | M]
 
[2009.11.23 19:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henning\AppData\Roaming\mozilla\Extensions
[2012.09.22 00:05:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Henning\AppData\Roaming\mozilla\Firefox\Profiles\gfmxnvt4.default-1347550859276\extensions
[2012.10.13 12:55:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.13 12:55:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.10.13 12:55:46 | 000,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2012.10.13 12:55:55 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.04.20 11:21:59 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2012.02.19 09:56:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla fire-fox\searchplugins\amazondotcom-de.xml
[2012.09.01 12:12:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla fire-fox\searchplugins\bing.xml
[2012.02.19 09:56:19 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla fire-fox\searchplugins\eBay-de.xml
[2012.02.19 09:56:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla fire-fox\searchplugins\leo_ende_de.xml
[2012.02.19 09:56:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla fire-fox\searchplugins\wikipedia-de.xml
[2012.02.19 09:56:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla fire-fox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
 
O1 HOSTS File: ([2006.09.19 00:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (CIEDownload Object) - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Notebook Software\NotebookPlugin.dll (SMART Technologies ULC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bcool Class) - {9B225492-5F47-4D9F-9595-5EE4844661E0} - C:\ProgramData\Bcool\bhoclass.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Techno-logies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - No CLSID value found.
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaS-mart\SmartMenu.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defen-der\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\DVD Sui-te\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Play-er\WMPNSCFG.exe File not found
O4 - Startup: C:\Users\Henning\AppData\Roaming\Microsoft\Windows\Start Me-nu\Programs\Startup\Dropbox.lnk = C:\Users\Henning\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActive-Desktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActive-DesktopChanges = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Techno-logies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explo-rer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.175.39.40 195.175.39.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{593EDDB9-8E18-4F8B-A9AB-1BE7117B4268}: DhcpNameServer = 195.175.39.40 195.175.39.39
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{593EDDB9-8E18-4F8B-A9AB-1BE7117B4268}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC08505C-9B7F-4AA0-82F9-8E13351B7E86}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corpora-tion)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corpora-tion)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Techno-logies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Henning\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Henning\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2ce7d3a1-5209-11e0-b173-00269e25cf5c}\Shell - "" = AutoRun
O33 - MountPoints2\{2ce7d3a1-5209-11e0-b173-00269e25cf5c}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{3edcb723-3fca-11df-8636-00269e25cf5c}\Shell - "" = AutoRun
O33 - MountPoints2\{3edcb723-3fca-11df-8636-00269e25cf5c}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{72f47a95-1b40-11e0-8d5d-00269e25cf5c}\Shell - "" = AutoRun
O33 - MountPoints2\{72f47a95-1b40-11e0-8d5d-00269e25cf5c}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Me-dia Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %System-Root%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFi-les%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %System-Root%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFi-les(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Inter-face
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %System-Root%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Me-nu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Me-nu^Programs^Startup^Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Of-fice\Office\OSA9.EXE - (Microsoft Corporation)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: CLMLServer for HP TouchSmart - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DVDAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: HP Health Check Scheduler - hkey= - key= - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard)
MsConfig:64bit - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Com-pany)
MsConfig:64bit - StartUpReg: SDTray - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: TSMAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: TVAgent - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: UpdatePDIRShortCut - hkey= - key= - C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: uTorrent - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WirelessAssistant - hkey= - key= - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.23 15:35:03 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Henning\Desktop\aswMBR.exe
[2012.10.23 15:01:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Henning\Desktop\OTL.exe
[2012.10.22 18:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.13 12:55:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.13 09:44:02 | 000,000,000 | ---D | C] -- C:\Users\Henning\Desktop\Texte
[2011.02.07 11:23:58 | 003,056,008 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Fi-les\AskToolbarInstaller.exe
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.23 19:05:35 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.23 19:05:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 19:05:16 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.23 19:05:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.23 19:04:54 | 4292,698,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.23 18:49:16 | 000,000,512 | ---- | M] () -- C:\Users\Henning\Desktop\MBR.dat
[2012.10.23 18:38:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.23 18:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.23 15:27:20 | 000,538,941 | ---- | M] () -- C:\Users\Henning\Desktop\adwcleaner.exe
[2012.10.23 14:11:48 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Henning\Desktop\aswMBR.exe
[2012.10.23 13:34:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Henning\Desktop\OTL.exe
[2012.10.22 15:58:05 | 519,207,538 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.10.22 06:52:11 | 001,452,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.22 06:52:11 | 000,631,256 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.22 06:52:11 | 000,598,334 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.22 06:52:11 | 000,127,948 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.22 06:52:11 | 000,105,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.22 00:03:07 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.10.22 00:03:07 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.10.17 07:05:42 | 000,020,480 | ---- | M] () -- C:\Users\Henning\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.09.25 21:00:39 | 000,058,136 | ---- | M] () -- C:\Users\Henning\Desktop\Stundenplan_geltend.zip
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.23 18:57:08 | 000,538,941 | ---- | C] () -- C:\Users\Henning\Desktop\adwcleaner.exe
[2012.10.23 18:49:16 | 000,000,512 | ---- | C] () -- C:\Users\Henning\Desktop\MBR.dat
[2012.09.25 21:00:37 | 000,058,136 | ---- | C] () -- C:\Users\Henning\Desktop\Stundenplan_geltend.zip
[2012.08.14 01:51:43 | 000,000,935 | ---- | C] () -- C:\Windows\STA2.ini
[2012.08.08 11:51:50 | 013,017,920 | R--- | C] () -- C:\Users\Henning\globus - ende der mo-derne.flv
[2012.07.27 18:27:34 | 000,000,128 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.10.19 23:05:40 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.10.19 23:05:40 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.03.01 22:43:47 | 000,094,208 | RHS- | C] () -- C:\Users\Henning\AppData\Roaming\MSIMRTM.dll
[2011.02.07 11:23:59 | 000,444,283 | ---- | C] () -- C:\Program Files (x86)\Common Fi-les\WinPcapNmap.exe
[2010.12.14 22:37:16 | 000,000,680 | ---- | C] () -- C:\Users\Henning\AppData\Local\d3d9caps.dat
[2009.12.04 19:20:20 | 000,000,000 | ---- | C] () -- C:\Users\Henning\AppData\Roaming\AVSDVDPlayer.m3u
[2009.10.24 01:03:13 | 000,020,480 | ---- | C] () -- C:\Users\Henning\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 18:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 20:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 20:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 10:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 09:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 05:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2010.11.05 00:14:08 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Amazon
[2012.02.27 22:51:19 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Azureus
[2009.11.21 02:56:58 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\COWON
[2011.01.08 19:06:05 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\DAEMON Tools Lite
[2012.10.23 19:07:38 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Dropbox
[2010.04.20 11:23:41 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Foxit
[2009.11.23 22:10:13 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\SMART Technologies
[2009.11.23 22:15:42 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\SMART Technologies Inc
[2012.10.23 16:21:21 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\uTorrent
[2011.10.06 21:33:29 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\VDownloader
[2011.10.24 16:33:56 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Roaming\Zarb
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2010.11.12 01:22:49 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.11.25 01:42:02 | 000,000,000 | ---D | M] -- C:\5e5ff551d886e71b9cc90150dd0751
[2009.10.27 23:33:12 | 000,000,000 | -HSD | M] -- C:\boot
[2006.11.02 18:42:17 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.10.13 12:40:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.04.01 13:14:34 | 000,000,000 | -HSD | M] -- C:\found.000
[2009.10.13 12:42:35 | 000,000,000 | -H-D | M] -- C:\HP
[2009.02.23 10:04:40 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2008.01.21 06:04:13 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.02.07 11:24:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.23 19:05:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2012.10.23 19:05:38 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.10.13 12:40:17 | 000,000,000 | -HSD | M] -- C:\Programme
[2009.10.13 12:43:07 | 000,000,000 | ---D | M] -- C:\SWSetup
[2012.10.23 19:15:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.10.13 12:43:07 | 000,000,000 | -H-D | M] -- C:\System.sav
[2012.04.20 20:07:57 | 000,000,000 | R--D | M] -- C:\Users
[2011.10.13 19:46:49 | 000,000,000 | ---D | M] -- C:\VundoFix Backups
[2012.10.23 19:05:45 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
[2012.10.22 17:59:14 | 000,000,000 | ---D | M] -- C:\Windows\installer\{26A24AE4-039D-4CA4-87B4-2F83217009FF}
 
< %localappdata%\*. /5 >
[2012.10.23 19:11:18 | 000,000,000 | ---D | M] -- C:\Users\Henning\AppData\Local\Temp

< End of report >
         
--- --- ---

Alt 23.10.2012, 17:51   #10
schrauber
/// the machine
/// TB-Ausbilder
 

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!
Downloade dir bitte Combofix vom folgenden Downloadspiegel

Link 1


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 23.10.2012, 21:10   #11
Applenaut
 
Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Hi,

so, da bin ich wieder. Hier die das combofix-Logfile. Hat ein bisschen gedauert, aber ich bin jetzt wieder am Rechner. Wie lange bist Du denn noch am Rechner heute, bzw. hast Zeit mir zu helfen?

Danke und Gruß
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-23.01 - Henning 23.10.2012  22:32:54.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4093.2442 [GMT 3:00]
ausgeführt von:: c:\users\Henning\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\100
c:\programdata\Amazon.ico
c:\programdata\Bcool
c:\programdata\Bcool\background.html
c:\programdata\Bcool\content.js
c:\programdata\Bcool\ppjemjejnnojomfekgbpbbnecicblllf.crx
c:\programdata\Bcool\settings.ini
c:\programdata\Bcool\uninstall.exe
c:\programdata\MercadoLivre.ico
c:\programdata\Poker.ico
c:\programdata\QuickStores.ico
c:\users\Henning\AppData\Roaming\MSIMRTM.dll
c:\users\Public\sdelevURL.tmp
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-23 bis 2012-10-23  ))))))))))))))))))))))))))))))
.
.
2012-10-23 13:03 . 2012-10-16 23:31	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{063D4C39-C41D-4496-8C2B-26B33A5CEF23}\mpengine.dll
2012-10-22 15:04 . 2012-10-22 15:04	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-10-22 15:00 . 2012-10-22 14:59	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-10-22 15:00 . 2012-10-22 14:59	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-10 04:11 . 2012-09-13 13:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 04:11 . 2012-09-13 13:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-10 04:10 . 2012-08-24 16:07	218624	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 04:10 . 2012-08-24 15:53	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-10 04:10 . 2012-06-02 00:20	1268736	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 04:10 . 2012-06-02 00:02	985088	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 04:10 . 2012-06-02 00:20	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 04:10 . 2012-06-02 00:20	132096	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 04:10 . 2012-06-02 00:02	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-10 04:10 . 2012-06-02 00:02	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 04:10 . 2012-08-29 11:40	4699520	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 14:59 . 2010-04-17 08:51	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-11 00:05 . 2006-11-02 12:35	65309168	----a-w-	c:\windows\system32\mrt.exe
2012-10-09 16:30 . 2012-04-11 18:31	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 16:30 . 2011-05-20 05:19	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 11:15 . 2012-09-23 00:00	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 00:00	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 00:01	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 00:01	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 00:01	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 00:01	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 00:01	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 00:01	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 00:01	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 00:01	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 00:01	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 00:01	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 00:01	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 00:01	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 00:01	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 00:01	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 00:01	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 00:01	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 00:01	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 00:01	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 00:01	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 00:01	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-07-16 09:27 . 2012-07-16 09:27	4024320	----a-w-	c:\program files (x86)\GUT43FF.tmp
2010-10-16 23:50 . 2011-02-07 08:23	3056008	----a-w-	c:\program files (x86)\Common Files\AskToolbarInstaller.exe
2010-01-26 22:11 . 2011-02-07 08:23	444283	----a-w-	c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-13 972080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
c:\users\Henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Henning\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_7af0d372\AESTSr64.exe [2009-01-13 89088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:30]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 13:42]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 13:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1661736]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{593EDDB9-8E18-4F8B-A9AB-1BE7117B4268}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\gfmxnvt4.default-1347550859276\
FF - ExtSQL: 2012-09-07 13:00; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-09-07 13:00; {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}; c:\program files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
BHO-{9B225492-5F47-4D9F-9595-5EE4844661E0} - c:\programdata\Bcool\bhoclass.dll
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-Star Trek Armada II - c:\windows\IsUn0407.exe
AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Bcool\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\SMINST\BLService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-23  22:58:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-23 19:58
.
Vor Suchlauf: 9 Verzeichnis(se), 342.233.112.576 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 343.559.200.768 Bytes frei
.
- - End Of File - - B4802318A1DD1B0AC4C8B2035C3096C2
         
--- --- ---

Alt 24.10.2012, 06:25   #12
schrauber
/// the machine
/// TB-Ausbilder
 

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm vom folgenden Download-Spiegel neu herunter:
BleepingComputer.com
und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.
Code:
ATTFilter
File::
c:\program files (x86)\Common Files\AskToolbarInstaller.exe
DDS::
TCP: Interfaces\{593EDDB9-8E18-4F8B-A9AB-1BE7117B4268}: NameServer = 8.8.8.8,8.8.4.4
         
Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:
  • Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
    Danach wieder anstellen nicht vergessen!
  • Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
    Dies kann dazu führen, dass ComboFix sich aufhängt.
  • Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
  • Mache nichts am PC solange ComboFix läuft.
  • In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
  • Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.
Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.





Malwarebytes' Anti-Malware
  • Lies dir die Entfernungsanleitung durch und lass alles entfernen was gefunden wurde:
(nach dem scannen auf den Button klicken und Funde löschen lassen!)





ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset






UNd ein frisches OTL logfile bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.10.2012, 07:57   #13
Applenaut
 
Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Moin,

ich muss leider nachfragen. Du hast geschrieben:

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Was bedeutet hier Notepad (hinein schreiben)? Wenn ich Windows + R drücke, erscheint ein Fenster namens "Ausführen", in das ich den Namen einer Datei (o.ä.) eingeben soll... Wie genau öffne ich das leere Textdokument?

Danke und Gruß
A

Übrigens:

Alle Symptome sind, soweit ich es bisher beurteilen kann, verschwunden. Schönen Dank schon mal dafür! Ich weiß, dass wir noch nicht fertig sind...

Alt 24.10.2012, 08:36   #14
schrauber
/// the machine
/// TB-Ausbilder
 

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



In das Ausführen-Fenster tippst Du Notepad ein und drückst auf Enter
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 24.10.2012, 09:41   #15
Applenaut
 
Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Standard

Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen



Hier das neue combofix Log:
Combofix Logfile:
Code:
ATTFilter
ComboFix 12-10-23.01 - Henning 24.10.2012  11:18:44.1.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.4093.2350 [GMT 3:00]
ausgeführt von:: c:\users\Henning\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Henning\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Common Files\AskToolbarInstaller.exe"
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\AskToolbarInstaller.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-24 bis 2012-10-24  ))))))))))))))))))))))))))))))
.
.
2012-10-24 08:31 . 2012-10-24 08:31	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-24 08:31 . 2012-10-24 08:31	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2012-10-23 13:03 . 2012-10-16 23:31	9291768	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{063D4C39-C41D-4496-8C2B-26B33A5CEF23}\mpengine.dll
2012-10-22 15:04 . 2012-10-22 15:04	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-10-22 15:00 . 2012-10-22 14:59	821736	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2012-10-22 15:00 . 2012-10-22 14:59	95208	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-10 04:11 . 2012-09-13 13:45	2048	----a-w-	c:\windows\system32\tzres.dll
2012-10-10 04:11 . 2012-09-13 13:28	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-10-10 04:10 . 2012-08-24 16:07	218624	----a-w-	c:\windows\system32\wintrust.dll
2012-10-10 04:10 . 2012-08-24 15:53	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-10-10 04:10 . 2012-06-02 00:20	1268736	----a-w-	c:\windows\system32\crypt32.dll
2012-10-10 04:10 . 2012-06-02 00:02	985088	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-10-10 04:10 . 2012-06-02 00:20	174592	----a-w-	c:\windows\system32\cryptsvc.dll
2012-10-10 04:10 . 2012-06-02 00:20	132096	----a-w-	c:\windows\system32\cryptnet.dll
2012-10-10 04:10 . 2012-06-02 00:02	98304	----a-w-	c:\windows\SysWow64\cryptnet.dll
2012-10-10 04:10 . 2012-06-02 00:02	133120	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-10-10 04:10 . 2012-08-29 11:40	4699520	----a-w-	c:\windows\system32\ntoskrnl.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-22 14:59 . 2010-04-17 08:51	746984	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-10-11 00:05 . 2006-11-02 12:35	65309168	----a-w-	c:\windows\system32\mrt.exe
2012-10-09 16:30 . 2012-04-11 18:31	696760	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 16:30 . 2011-05-20 05:19	73656	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-24 11:15 . 2012-09-23 00:00	17810944	----a-w-	c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-23 00:00	10925568	----a-w-	c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-23 00:01	2312704	----a-w-	c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-23 00:01	1346048	----a-w-	c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-23 00:01	1392128	----a-w-	c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-23 00:01	1494528	----a-w-	c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-23 00:01	237056	----a-w-	c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-23 00:01	85504	----a-w-	c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-23 00:01	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-23 00:01	816640	----a-w-	c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-23 00:01	599040	----a-w-	c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-23 00:01	2144768	----a-w-	c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-23 00:01	729088	----a-w-	c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-23 00:01	96768	----a-w-	c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-23 00:01	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-23 00:01	248320	----a-w-	c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-23 00:01	1800704	----a-w-	c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-23 00:01	1129472	----a-w-	c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-23 00:01	1427968	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-23 00:01	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-23 00:01	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-23 00:01	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2012-07-16 09:27 . 2012-07-16 09:27	4024320	----a-w-	c:\program files (x86)\GUT43FF.tmp
2010-01-26 22:11 . 2011-02-07 08:23	444283	----a-w-	c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{9B225492-5F47-4D9F-9595-5EE4844661E0}]
c:\programdata\Bcool\bhoclass.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	94208	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisor"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-11-13 972080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"WMPNSCFG"="c:\program files (x86)\Windows Media Player\WMPNSCFG.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"UCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2008-11-14 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-11-26 210216]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-10-10 206128]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-10-30 210216]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
.
c:\users\Henning\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Henning\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_7af0d372\AESTSr64.exe [2009-01-13 89088]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:30]
.
2012-10-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 13:42]
.
2012-10-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-30 13:42]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12	97792	----a-w-	c:\users\Henning\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-12-04 1661736]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [BU]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.175.39.40 195.175.39.39
TCP: Interfaces\{593EDDB9-8E18-4F8B-A9AB-1BE7117B4268}: NameServer = 8.8.8.8,8.8.4.4
FF - ProfilePath - c:\users\Henning\AppData\Roaming\Mozilla\Firefox\Profiles\gfmxnvt4.default-1347550859276\
FF - ExtSQL: 2012-09-07 13:00; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2012-09-07 13:00; {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}; c:\program files (x86)\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Star Trek Armada II - c:\windows\IsUn0407.exe
AddRemove-{20E7BC40-33F6-4A81-9D52-B58349326206} - c:\programdata\Bcool\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10a.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10a.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Zeit der Fertigstellung: 2012-10-24  11:36:01
ComboFix-quarantined-files.txt  2012-10-24 08:36
ComboFix2.txt  2012-10-24 06:51
ComboFix3.txt  2012-10-23 19:58
.
Vor Suchlauf: 15 Verzeichnis(se), 342.530.338.816 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 342.490.533.888 Bytes frei
.
- - End Of File - - 63744A2E601B201E7B4AF605C79CBBC6
         
--- --- ---

Die malwarebyte-geschichte muss warten, ich muss weg. bis später!

Antwort

Themen zu Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen
"keine rückmeldung", abgebrochen, ad-aware, anwendungen, avira, bericht, cpu-auslastung, dateien, firefox, java, java-version, kein update, keine rückmeldung, langsam, löschen, nicht mehr, problem, problembehandlung, rechner, rückmeldung, seite, stream, taskmanager, updates, verlangsamung, vista, windows, windows vista, ändern, öffnen



Ähnliche Themen: Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen


  1. Windows 7: Ständig "Keine Rückmeldung"/ Aufhängen und "Drehen"
    Log-Analyse und Auswertung - 19.11.2015 (17)
  2. ständig keine Rückmeldung bei Windows 7, ständiges "drehen" und hängenbleiben
    Log-Analyse und Auswertung - 25.08.2015 (7)
  3. Laptop extrem langsam und ständig "Keine Rückmeldung"
    Log-Analyse und Auswertung - 25.06.2015 (22)
  4. Windows7: Malware-Befall? PC langsam, "Keine Rückmeldung" etc.
    Log-Analyse und Auswertung - 18.06.2015 (19)
  5. "Keine Rückmeldung": Programme starten langsam und bleiben oft hängen
    Log-Analyse und Auswertung - 13.06.2015 (10)
  6. neuer PC auf einmal sehr langsam, Firefox-Meldungen "Skript beschäftigt oder antwortet nicht", "keine Rückmeldung"
    Plagegeister aller Art und deren Bekämpfung - 20.05.2015 (26)
  7. Windows 7: Häufig "Keine Rückmeldung" beim starten von Anwendungen
    Log-Analyse und Auswertung - 16.02.2015 (40)
  8. win 7 firefox langsam "keine Rückmeldung" immer wieder Meldung "ein skript auf dieser Seite ist eventuell beschädigt...."
    Plagegeister aller Art und deren Bekämpfung - 14.01.2015 (11)
  9. Laptop hängt, nichts tut sich: "keine Rückmeldung"
    Log-Analyse und Auswertung - 28.07.2014 (18)
  10. ständig hängt sich der Rechner auf und zeigt in allen Prozessen "Keine Rückmeldung"
    Plagegeister aller Art und deren Bekämpfung - 01.07.2014 (20)
  11. Pc wird immer langsamer, Programme zeigen "keine Rückmeldung"
    Log-Analyse und Auswertung - 13.06.2014 (9)
  12. Win 7 - Firefox langsam, Skript-Warnmeldungen und "keine Rückmeldung" in Titelleiste
    Log-Analyse und Auswertung - 13.04.2014 (39)
  13. (Windows 7) Bluescreen, extreme Verlangsamung und kompletter "Stillstand"
    Plagegeister aller Art und deren Bekämpfung - 01.11.2013 (3)
  14. Windows Vista: PC immer langsamer & Programme melden gehäuft "keine Rückmeldung"
    Log-Analyse und Auswertung - 09.09.2013 (15)
  15. Acer 5710 dauernd "keine Rückmeldung"
    Log-Analyse und Auswertung - 12.07.2011 (13)
  16. Alle 10 Minuten "Keine Rückmeldung", im Browser/Desktop, Programme...
    Log-Analyse und Auswertung - 29.08.2010 (1)
  17. PC langsam, Mozilla hängt dauernd,zeigt "keine Rückmeldung" an. hier ist mein HJT Log
    Log-Analyse und Auswertung - 30.12.2009 (10)

Zum Thema Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen - Liebe Helferinnen und Helfer, ich habe ein gravierendes Problem mit Windows Vista auf meinem HP-Laptop und allem, was da so dranhängt. Kurz gesagt: alle Anwendungen laufen extrem langsam (Firefox benötigt - Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen...
Archiv
Du betrachtest: Extreme Verlangsamung und "Keine Rückmeldung" aller Anwendungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.