Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Firefox extrem langsam - Malware Befall vermutet

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 04.04.2011, 17:25   #1
on_the_run
 
Firefox extrem langsam - Malware Befall vermutet - Standard

Firefox extrem langsam - Malware Befall vermutet



Hallo liebes Forum,

Schön das es für Notfälle so ein Forum hier gibt.

Ich habe mit meinem PC (Win 7, 64Bit) Seit einpaar Tagen das Problem, dass der Firefox sehr langsam war. Anfangs ging es für ein, zwei Stunden,
anschliessend war die Übertragung in den Keller gegangen und konnte dann nur eine Taste drücken und musste ewig warten, eh er wieder ansprechbar war.
Und seit gestern ist dies von Anfang an nun so, dass man nicht mehr im Firefox arbeiten kann

Obwohl die Down- / und Uploadraten der Verbindung top sind als am WLAN Netzwerk liegt es nicht.

Habe daraufhin den Firefox geupdatet, keine Änderung. In der Systemüberprüfung habe ich nachgeschaut, was geändert wurde, seit die Probleme auftraten.
Windows Update und Java Update.

Und wissentlich hatte ich letzten auf einer Filmseite die video_components_update.exe angenommen, hat sich gestartet, war aber dann nirgends mehr zu finden.
Hätte ich wohl nicht tun sollen. ich denke mir, dass ich mir vlt. damit etwas eingefangen habe??

Das ist als wenn man an einem Modem sitzt, sobald man eine Taste drückt oder Anfrage macht dauert das erstmal und der FF ist blockiert.
Definitiv nicht normal.

Aktuell surfe ich mit Chrome, alles super, alles schnell. Firefox deinstalliert. Neu draufgespielt. Aber immer noch langsam. Dabei ist es aber mein Browser der Wahl. ich mag Chrome nicht so sehr. Vom Handling ist der schon anders, und egal was man macht, läuft da alles über Tabs. nicht mein Ding.

Davor auch mit CCleaner alles gesäubert und mal OTL drüberlaufen lassen. Das war auch spannend was da noch alles so drinhängt.

Also Log-Files:

GMER (Rootkit Check)


GMER 1.0.15.15570 - hxxp://www.gmer.net
Rootkit scan 2011-04-04 18:19:38
Windows 6.1.7600
Running: s3bk3q28.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a27b11
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\18f46afa5e64
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0cb38f317a0
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a27b11 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\18f46afa5e64 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0cb38f317a0 (not active ControlSet)

---- EOF - GMER 1.0.15 ----

HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:23:04, on 04.04.2011
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files\Sony\VAIO Care\VCSpt.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Internet\Belkin\F7D4101\V1\PBN.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Users\Robert\Downloads\s3bk3q28.exe
C:\Program Files (x86)\Internet\Mozilla Thunderbird\thunderbird.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Robert\Downloads\AntiVirus\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {134b012b-132d-4516-a786-2395828640b5} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [FontExpertType1Loader] C:\Program Files (x86)\Media\FontExpert\Type1Loader.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Play Wireless USB Adapter Utility.lnk = C:\Program Files (x86)\Internet\Belkin\F7D4101\V1\PBN.exe
O4 - Global Startup: vpngui.exe.lnk = ?
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Internet\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: VAIO Care Performance Service (SampleCollector) - Sony Corporation - C:\Program Files\Sony\VAIO Care\VCPerfService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VSNService - Sony Corporation - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: VUAgent - Sony Corporation - C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Belkin WLAN service (WLANBelkinService) - Unknown owner - C:\Program Files (x86)\Internet\Belkin\F7D4101\V1\wlansrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

Danke soweit schonmal. Soll ich die OTL auch noch posten?

Grüße,
ontherun

Alt 04.04.2011, 20:45   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Firefox extrem langsam - Malware Befall vermutet - Standard

Firefox extrem langsam - Malware Befall vermutet



Bitte beachten => http://www.trojaner-board.de/95173-b...es-posten.html und http://www.trojaner-board.de/69886-a...-beachten.html
__________________

__________________

Alt 04.04.2011, 22:56   #3
on_the_run
 
Firefox extrem langsam - Malware Befall vermutet - Standard

Firefox extrem langsam - Malware Befall vermutet



Danke für die Info.
Zuerst die Augen aufmachen und lesen

Alo erster Teil vom OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 04.04.2011 22:56:54 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Robert\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,28 Gb Total Space | 357,03 Gb Free Space | 78,94% Space Free | Partition Type: NTFS
Drive D: | 629,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 931,28 Gb Total Space | 753,19 Gb Free Space | 80,88% Space Free | Partition Type: FAT32
 
Computer Name: VAIO | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.04 15:54:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
PRC - [2011.04.04 14:06:21 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
PRC - [2011.04.04 14:06:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Java\jre6\bin\java.exe
PRC - [2011.03.16 13:15:13 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.06 14:31:13 | 012,587,696 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Internet\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.12.13 09:39:27 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.01 06:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.12 16:15:34 | 000,081,296 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCSpt.exe
PRC - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
PRC - [2010.05.31 19:18:32 | 000,120,176 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2010.05.31 17:01:52 | 000,673,136 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
PRC - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.05.18 14:38:46 | 000,075,776 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Internet\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.03.04 05:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.12.28 18:25:40 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Internet\Belkin\F7D4101\V1\wlansrv.exe
PRC - [2009.11.25 19:45:22 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\Internet\Belkin\F7D4101\V1\PBN.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.04 15:54:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
MOD - [2010.08.21 07:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.10.08 08:55:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.08.12 16:15:34 | 000,257,936 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010.06.21 18:00:52 | 000,575,856 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV:64bit: - [2010.06.08 17:00:04 | 000,836,608 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV:64bit: - [2010.05.31 18:25:48 | 001,250,160 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2011.03.16 13:15:13 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.12.13 09:39:27 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.21 08:51:08 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.06.08 23:55:14 | 000,952,096 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2010.05.31 19:18:32 | 000,217,968 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.05.28 22:02:57 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.05.28 22:02:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.03.23 14:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Internet\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.03.04 05:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.28 18:25:40 | 000,036,864 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Internet\Belkin\F7D4101\V1\wlansrv.exe -- (WLANBelkinService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2010.12.13 09:39:38 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.12.13 09:39:38 | 000,083,120 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.06.24 22:34:53 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2010.06.24 22:33:43 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.06.23 22:04:45 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2010.06.23 22:04:43 | 000,342,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2010.06.23 22:04:43 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2010.06.23 22:04:43 | 000,102,952 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2010.06.23 22:04:09 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2010.06.23 22:03:07 | 000,078,848 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2010.06.23 22:02:59 | 000,094,208 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2010.05.31 23:36:48 | 000,402,720 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2010.05.31 23:36:41 | 001,573,888 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.05.31 23:31:21 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.05.31 22:10:13 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.05.28 22:03:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.05.28 22:02:36 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2010.03.23 14:29:46 | 000,304,784 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.03.04 04:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009.11.06 09:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\..\URLSearchHook: {134b012b-132d-4516-a786-2395828640b5} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b2
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.01.14 19:14:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Internet\Mozilla Thunderbird\components [2011.03.06 14:31:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Internet\Mozilla Thunderbird\plugins [2011.04.03 22:27:38 | 000,000,000 | ---D | M]
 
[2011.04.04 16:54:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions
[2011.01.07 17:31:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.01.07 19:31:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Thunderbird\Profiles\e2mxo0z6.default\extensions
[2011.01.07 19:31:39 | 000,000,000 | ---D | M] (Lightning) -- C:\Users\Robert\AppData\Roaming\mozilla\Thunderbird\Profiles\e2mxo0z6.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
[2011.01.07 20:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Robert\AppData\Roaming\mozilla\Thunderbird\Profiles\e2mxo0z6.default\extensions.sbd
File not found (No name found) -- C:\USERS\ROBERT\APPDATA\ROAMING\THUNDERBIRD\PROFILES\TCEH3HPD.DEFAULT\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
 
O1 HOSTS File: ([2011.01.17 00:50:15 | 000,001,294 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [FontExpertType1Loader] C:\Program Files (x86)\Media\FontExpert\Type1Loader.exe (Proxima Software)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003.05.27 06:45:29 | 000,000,042 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O32 - Unable to obtain root file information for disk E:\
O33 - MountPoints2\{55143a00-1a58-11e0-8f85-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55143a00-1a58-11e0-8f85-806e6f6e6963}\Shell\AutoRun\command - "" = D:\STUB.EXE -- [2003.02.17 22:10:16 | 000,024,576 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.04 16:11:22 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.04 15:54:55 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2011.04.04 14:06:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.04.04 14:06:35 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.04.04 14:06:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.04.04 14:06:35 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.04.04 00:42:16 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.04.04 00:41:07 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Google
[2011.04.03 23:27:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft HiJackFree
[2011.04.03 15:25:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Auslogics
[2011.03.30 10:52:44 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\TIPP10
[2011.03.30 10:51:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TIPP10
[2011.03.24 18:32:25 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CanarySim
[2011.03.24 18:28:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2011.03.24 18:20:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aerosoft
[2011.03.24 03:01:56 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PMDG Simulations
[2011.03.24 03:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PMDG Simulations
[2011.03.24 02:35:34 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011.03.24 02:03:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FSacars
[2011.03.23 21:19:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flight One Software
[2011.03.23 21:19:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Flight One Software
[2011.03.23 19:19:52 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active Camera 2004
[2011.03.23 01:28:37 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Conduit
[2011.03.23 01:28:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IsoBuster
[2011.03.23 01:16:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2011.03.23 01:13:34 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lago
[2011.03.23 01:13:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lago
[2011.03.23 00:56:41 | 000,000,000 | ---D | C] -- C:\Users\Robert\Documents\Flight Simulator-Dateien
[2011.03.23 00:55:47 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.03.23 00:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2011.03.15 16:59:11 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\SKIDROW
[2011.03.15 16:59:04 | 000,419,840 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.03.15 16:59:04 | 000,413,696 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.03.15 16:59:04 | 000,133,632 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.03.15 16:59:04 | 000,110,592 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011.03.15 16:59:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2011.03.10 23:38:57 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Local\Diagnostics
[2011.03.10 23:12:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cossacks 2
[2011.03.10 22:59:58 | 000,000,000 | ---D | C] -- C:\Users\Robert\AppData\Roaming\Gutscheinmieze
[2011.03.09 12:52:51 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DWrite.dll
[2011.03.09 12:52:50 | 001,540,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2011.03.09 12:52:50 | 000,902,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll
[2011.03.09 12:52:50 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d2d1.dll
[2011.03.09 12:52:48 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011.03.09 12:52:48 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011.03.09 12:52:47 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011.03.09 12:52:47 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011.03.09 12:52:47 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011.03.09 12:52:47 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011.03.09 12:52:46 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011.03.09 12:52:46 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011.03.09 12:52:44 | 000,265,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2011.03.09 12:52:44 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2011.03.09 12:52:42 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011.03.09 12:52:41 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011.03.09 12:52:41 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011.03.09 12:52:41 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011.03.06 21:46:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.03.06 21:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.03.06 21:46:43 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011.03.06 21:41:06 | 000,000,000 | R--D | C] -- C:\Users\Robert\Favorites
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.04 22:46:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2037049737-1123142766-1239106862-1000UA.job
[2011.04.04 19:06:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.04 17:02:39 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.04 17:02:39 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.04 16:55:06 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.04 16:32:47 | 000,038,388 | ---- | M] () -- C:\Users\Robert\cc_20110404_163244.reg
[2011.04.04 16:21:06 | 000,019,002 | ---- | M] () -- C:\Users\Robert\cc_20110404_162059.reg
[2011.04.04 16:11:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.04 15:54:56 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Robert\Desktop\OTL.exe
[2011.04.04 14:06:21 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2011.04.04 14:06:21 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2011.04.04 14:06:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2011.04.04 14:06:20 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2011.04.04 00:46:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2037049737-1123142766-1239106862-1000Core.job
[2011.04.04 00:42:30 | 000,002,283 | ---- | M] () -- C:\Users\Robert\Desktop\Google Chrome.lnk
[2011.04.03 23:27:18 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
[2011.04.03 23:00:50 | 000,007,627 | ---- | M] () -- C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
[2011.04.03 11:25:08 | 000,411,008 | ---- | M] () -- C:\Users\Robert\Video call snapshot 170.png
[2011.04.02 23:55:55 | 000,127,566 | ---- | M] () -- C:\Users\Robert\Video call snapshot 169.png
[2011.04.02 23:54:49 | 000,117,715 | ---- | M] () -- C:\Users\Robert\Video call snapshot 168.png
[2011.04.01 19:09:53 | 000,013,190 | ---- | M] () -- C:\Users\Robert\Hazy-Kurse+WS+2010-11_3.pdf
[2011.04.01 19:08:31 | 000,013,162 | ---- | M] () -- C:\Users\Robert\Hazy-Kurse+WS+2010-11_2.pdf
[2011.04.01 18:51:58 | 000,009,030 | ---- | M] () -- C:\Users\Robert\Hazy-Kurse+WS+2010-11.pdf
[2011.03.31 20:51:27 | 000,103,086 | ---- | M] () -- C:\Users\Robert\Video call snapshot 164.png
[2011.03.31 12:25:22 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.03.31 12:25:22 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.03.31 12:25:22 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.03.31 12:25:22 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.03.31 12:25:22 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.03.30 21:37:21 | 000,001,456 | ---- | M] () -- C:\Users\Robert\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.03.30 21:01:57 | 000,053,760 | ---- | M] () -- C:\Windows\SysNative\WcnEbpPeerProxy.dll
[2011.03.30 10:51:49 | 000,001,098 | ---- | M] () -- C:\Users\Robert\Desktop\TIPP10.lnk
[2011.03.24 03:05:53 | 005,345,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.03.24 02:32:12 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\Windows\iun6002.exe
[2011.03.23 00:55:13 | 000,001,957 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Flight Simulator 2004.lnk
[2011.03.20 22:46:03 | 000,027,852 | ---- | M] () -- C:\Users\Robert\Documents\12172480_Anna Mai 05 -09.pdf
[2011.03.16 14:34:35 | 000,001,433 | ---- | M] () -- C:\Users\Robert\Desktop\flightControl.lnk
[2011.03.15 16:59:04 | 000,419,840 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.03.15 16:59:04 | 000,413,696 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.03.15 16:59:04 | 000,133,632 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2011.03.15 16:59:04 | 000,110,592 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2011.03.08 15:57:24 | 000,090,519 | ---- | M] () -- C:\test.xml
[2011.03.07 21:36:48 | 000,336,219 | ---- | M] () -- C:\Users\Robert\Deppengalerie.pdf
[2011.03.06 22:39:33 | 000,001,373 | ---- | M] () -- C:\Users\Robert\Desktop\Kurse.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.04 16:32:46 | 000,038,388 | ---- | C] () -- C:\Users\Robert\cc_20110404_163244.reg
[2011.04.04 16:21:03 | 000,019,002 | ---- | C] () -- C:\Users\Robert\cc_20110404_162059.reg
[2011.04.04 16:11:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.04 00:42:30 | 000,002,283 | ---- | C] () -- C:\Users\Robert\Desktop\Google Chrome.lnk
[2011.04.04 00:41:11 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2037049737-1123142766-1239106862-1000UA.job
[2011.04.04 00:41:10 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2037049737-1123142766-1239106862-1000Core.job
[2011.04.03 23:27:18 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\Emsisoft HiJackFree.lnk
[2011.04.03 20:54:46 | 000,007,627 | ---- | C] () -- C:\Users\Robert\AppData\Local\Resmon.ResmonCfg
[2011.04.03 11:24:49 | 000,411,008 | ---- | C] () -- C:\Users\Robert\Video call snapshot 170.png
[2011.04.02 23:55:24 | 000,127,566 | ---- | C] () -- C:\Users\Robert\Video call snapshot 169.png
[2011.04.02 23:54:46 | 000,117,715 | ---- | C] () -- C:\Users\Robert\Video call snapshot 168.png
[2011.04.01 19:10:01 | 000,013,190 | ---- | C] () -- C:\Users\Robert\Hazy-Kurse+WS+2010-11_3.pdf
[2011.04.01 19:08:36 | 000,013,162 | ---- | C] () -- C:\Users\Robert\Hazy-Kurse+WS+2010-11_2.pdf
[2011.04.01 18:52:01 | 000,009,030 | ---- | C] () -- C:\Users\Robert\Hazy-Kurse+WS+2010-11.pdf
[2011.03.31 20:51:17 | 000,103,086 | ---- | C] () -- C:\Users\Robert\Video call snapshot 164.png
[2011.03.30 21:16:33 | 000,001,456 | ---- | C] () -- C:\Users\Robert\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011.03.30 21:01:57 | 000,053,760 | ---- | C] () -- C:\Windows\SysNative\WcnEbpPeerProxy.dll
[2011.03.30 10:51:49 | 000,001,098 | ---- | C] () -- C:\Users\Robert\Desktop\TIPP10.lnk
[2011.03.23 18:03:53 | 000,002,675 | ---- | C] () -- C:\Windows\uninstall_canary_islands.ini
[2011.03.23 00:55:13 | 000,001,957 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Flight Simulator 2004.lnk
[2011.03.20 22:46:02 | 000,027,852 | ---- | C] () -- C:\Users\Robert\Documents\12172480_Anna Mai 05 -09.pdf
[2011.03.18 20:06:54 | 000,374,559 | ---- | C] () -- C:\Users\Robert\Documents\STEELTRAIN.JPG
[2011.03.18 20:06:54 | 000,073,224 | ---- | C] () -- C:\Users\Robert\Documents\SBB.JPG
[2011.03.15 22:30:14 | 000,001,433 | ---- | C] () -- C:\Users\Robert\Desktop\flightControl.lnk
[2011.03.07 21:36:31 | 000,336,219 | ---- | C] () -- C:\Users\Robert\Deppengalerie.pdf
[2011.03.06 17:37:13 | 000,001,373 | ---- | C] () -- C:\Users\Robert\Desktop\Kurse.lnk
[2011.01.21 22:59:39 | 000,016,622 | ---- | C] () -- C:\Windows\hpomdl01.dat
[2011.01.19 22:45:44 | 000,000,235 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\devices.xml
[2011.01.19 22:45:44 | 000,000,012 | ---- | C] () -- C:\Users\Robert\AppData\Roaming\settings.xml
[2011.01.11 01:33:06 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.01.07 21:19:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.10.12 19:30:23 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010.10.12 19:30:22 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.10.12 19:30:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010.10.12 19:30:21 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010.10.12 19:30:20 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.10.12 19:30:13 | 000,028,732 | ---- | C] () -- C:\Windows\SysWow64\ativvsny.dat
[2010.10.12 19:30:13 | 000,026,936 | ---- | C] () -- C:\Windows\SysWow64\ativvsnl.dat
[2010.10.12 19:27:41 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.10.08 08:55:10 | 000,002,023 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.11.07 05:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2004.10.28 17:38:10 | 000,315,728 | ---- | C] () -- C:\Windows\SysWow64\flt1chk3.dll
[2003.04.06 06:33:26 | 000,020,470 | ---- | C] () -- C:\Windows\hpoins01.dat
 
========== LOP Check ==========
 
[2011.02.10 01:50:03 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Audacity
[2011.04.03 15:25:56 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Auslogics
[2011.04.04 16:13:45 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\BitTorrent
[2011.01.19 18:54:37 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.01.13 23:18:38 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\FileZilla
[2011.03.10 22:59:58 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Gutscheinmieze
[2011.03.02 14:33:48 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Obsidium
[2011.01.15 15:40:14 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\PACE Anti-Piracy
[2011.01.18 19:43:59 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Proxima Software
[2011.01.12 15:40:37 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\SoftGrid Client
[2011.01.18 20:16:31 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011.01.07 17:31:05 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\Thunderbird
[2011.03.30 10:56:22 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TIPP10
[2011.01.11 01:34:16 | 000,000,000 | ---D | M] -- C:\Users\Robert\AppData\Roaming\TP
[2011.03.16 13:12:53 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1240 bytes -> C:\Users\Robert\AppData\Local\aFMQ50PBQUjZy:lBRlHZpy6dJGtlfLLrsn
@Alternate Data Stream - 1211 bytes -> C:\Users\Robert\AppData\Local\Temp:qOu9ClHTUmzLqFZFdrT8nbD

< End of report >
         
--- --- ---
__________________

Alt 04.04.2011, 23:00   #4
on_the_run
 
Firefox extrem langsam - Malware Befall vermutet - Standard

Firefox extrem langsam - Malware Befall vermutet



und der Extra-Teil
Zweiter Log vom OTL:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 04.04.2011 22:56:54 - Run 3
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Robert\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 54,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,28 Gb Total Space | 357,03 Gb Free Space | 78,94% Space Free | Partition Type: NTFS
Drive D: | 629,86 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive E: | 931,28 Gb Total Space | 753,19 Gb Free Space | 80,88% Space Free | Partition Type: FAT32
 
Computer Name: VAIO | User Name: Robert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (All) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm[@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl[@ = cplfile] -- C:\Windows\SysNative\control.exe (Microsoft Corporation)
.hlp[@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta[@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html[@ = ChromeHTML] -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf[@ = inffile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.ini[@ = inifile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.js[@ = JSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.jse[@ = JSEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.reg[@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
.txt[@ = txtfile] -- C:\Windows\SysNative\NOTEPAD.EXE (Microsoft Corporation)
.vbe[@ = VBEFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.vbs[@ = VBSFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsf[@ = WSFFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
.wsh[@ = WSHFile] -- C:\Windows\SysNative\WScript.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\Windows\SysWOW64\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\SysWow64\rundll32.exe (Microsoft Corporation)
.js [@ = JSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\Windows\SysWow64\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\Windows\SysWow64\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\Windows\SysWow64\WScript.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Robert\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %* File not found
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\Windows\SysWOW64\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\Windows\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\Windows\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\Windows\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{259FD439-13B0-0136-D0A0-FA89BB05831D}" = ccc-utility64
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{467D5E81-8349-4892-9E81-C3674ED8E451}" = Cisco Systems VPN Client 5.0.07.0290
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5BC83141-83DD-07BE-C940-04B385540F04}" = ATI Catalyst Install Manager
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D93AC9C8-B6CF-391E-BD2F-48AF4727476C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30411
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"CutePDF Writer Installation" = CutePDF Writer 2.8
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{07B7598E-1FB8-1A95-7A30-F534A55726B4}" = CCC Help Czech
"{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}" = VAIO Smart Network
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{159E5135-4BEA-52B7-8CDC-823F1ED6D8A5}" = CCC Help Spanish
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{265F0D95-A883-7162-0458-B78085B6B693}" = Catalyst Control Center Graphics Light
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{2DE59E42-7AA6-4528-A661-8A3D40B29D44}-FS2004" = aerosoft's - Kanarische Inseln - FS2004
"{2F9D63BE-A891-4E39-AFB3-7402D486800C}" = VAIO Hardware Diagnostics
"{35111E7A-03B9-25EC-F434-A1CD976907FC}" = CCC Help Chinese Traditional
"{36C5BBF0-E5BF-4DE1-B684-7E90B0C93FB5}" = VAIO Care
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{427E8AD0-A4B1-D225-836E-CCB6068B490A}" = CCC Help French
"{44D25B45-5C0E-2187-6739-E2FA0E8AFE1D}" = CCC Help Portuguese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E6DF745-C99E-909F-BCF0-B7C24A51E56E}" = CCC Help Japanese
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{554E34DB-1EDD-4CE4-B63D-9E9973C6FFA5}" = VAIO Care
"{5736590B-36C7-4881-5EBE-F9B390F00774}" = Catalyst Control Center Core Implementation
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}" = VAIO DVD Menu Data
"{5A92468F-3ED8-4F96-A9E1-4F176C80EC29}" = VAIO Quick Web Access
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}" = VAIO-Support für Übertragungen
"{61F569A3-1647-B6F4-08C8-40A011831827}" = CCC Help English
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{68E6D7F3-1CA0-478C-8037-EBA5391B05E2}" = LAGO MD80 Maddog
"{6A3F204B-323C-7E32-F890-A7308768728D}" = CCC Help Russian
"{6ECB39BD-73C2-44DD-B1A0-898207C58D8B}" = HP Foto- und Bildbearbeitung 2.0 All-in-One Treiber 
"{7002773F-2A53-E9F2-E161-DB3DDA0F05BE}" = CCC Help Hungarian
"{705F27B3-5B35-4EC4-A258-BF16D83BE22B}" = aerosoft's - German Airports 2 - Leipzig  - FS2004
"{70991E0A-1108-437E-BA7D-085702C670C0}" = 
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{72042FA6-5609-489F-A8EA-3C2DD650F667}" = VAIO Control Center
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76DECE17-BCF5-9640-2854-3CA049834A40}" = CCC Help Chinese Standard
"{7A63F0C4-6B2B-694C-ED72-D0670612BC29}" = CCC Help Swedish
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{803E4FA5-A940-4420-B89D-A8BC2E160247}" = 
"{8211C280-5B02-4E7E-B55F-845A207249BA}" = VAIO Data Restore Tool
"{82F09B1C-F602-4552-9C40-5BD5F8EAF750}" = 
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{855DDD3C-131E-42A8-BCBD-F9581F80CACB}" = 
"{88001121-87E2-2104-F9F5-ECC15DFCA1E0}" = Catalyst Control Center Graphics Full Existing
"{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"{8EB34C0B-AF54-F265-844C-3E6FA9AE2FCD}" = CCC Help German
"{90120000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2007
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROPLUS_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROPLUS_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROPLUS_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROPLUS_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_PROPLUS_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_PROPLUS_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROPLUS_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{9867A917-5D17-40DE-83BA-BEA5293194B1}" = HP Foto- und Bildbearbeitung 2.0 - All-in-One
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C73041C-AB71-995D-EEC7-B4E940F93F36}" = CCC Help Finnish
"{A20548C1-4B08-C41D-A3A8-FE8C933C2A00}" = Catalyst Control Center InstallProxy
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}" = 
"{A8D53A4E-77A1-E23E-A396-6D9C86A2F273}" = Catalyst Control Center Graphics Full New
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{BFF37C6E-D735-4487-390C-271E030AA62C}" = CCC Help Italian
"{C2E171F6-9B58-4CE1-7B8B-B69FA04EBAB8}" = Catalyst Control Center Graphics Previews Vista
"{C459D829-0FF0-C210-B2BF-83DB63FC1D61}" = CCC Help Korean
"{C5529BC1-C2BF-44E8-B62A-01913D70081C}" = Catalyst Control Center - Branding
"{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}" = VAIO-Handbuch
"{C7477742-DDB4-43E5-AC8D-0259E1E661B1}" = 
"{C83B7CBB-C736-BF46-9832-7A9D07E9D94C}" = CCC Help Polish
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D49989B0-7BC2-F7F1-8017-3257F617347A}" = Catalyst Control Center Graphics Previews Common
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D6DEC295-88A0-5CFA-0B29-C8FDF091FFD3}" = CCC Help Dutch
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA46AA5F-4934-4DAC-94E4-7D84AD9A4090}" = Project Canarias 2006
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}" = ArcSoft WebCam Companion 3
"{DF693121-40C0-3020-D655-612E51616423}" = CCC Help Danish
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{EBDDC3CC-343A-C0DD-79BA-8A12D0A2CA10}" = CCC Help Turkish
"{ECF0D151-BCA0-8E6D-62DB-5D44DB4A3836}" = CCC Help Thai
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B95046-E9DA-CFEC-42A8-C8224646AA32}" = ccc-core-static
"{F30FE437-0E45-D409-F629-5D86960A6591}" = CCC Help Norwegian
"{F5CC9A13-6C57-4948-75A8-3A2C92A3183B}" = Catalyst Control Center Localization All
"{F67C14C0-D73E-C55B-E132-B1904A1A709C}" = CCC Help Greek
"{F7E8DD1D-9BFD-38BB-86A5-BEF313B00C51}" = Catalyst Control Center InstallProxy
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB77DB0C-6951-47B6-9D80-A0FDBEE0334C}" = 
"{FFC78FC9-2FE6-4648-BFEB-446C61C2D61E}" = FSacars
"7-Zip" = 7-Zip 9.20
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATR_72500" = Flight One ATR 72-500
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BitTorrent" = BitTorrent
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Emsisoft HiJackFree_is1" = Emsisoft HiJackFree 4.5
"FileZilla Client" = FileZilla Client 3.2.7.1
"Flight Simulator 9.0" = Microsoft Flight Simulator 2004 - Das Jahrhundert der Luftfahrt
"FontExpert 2010" = FontExpert 2010
"HijackThis" = HijackThis 2.0.2
"InstallShield_{88E62BD7-A532-48F6-8428-D949BB93A2D7}" = Play Wireless USB Adapter
"IsoBuster_is1" = IsoBuster 2.8.5
"LAGO MADDOG 1.42" = LAGO MADDOG 1.42
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"OpenAL" = OpenAL
"Project Canarias 2006" = Project Canarias 2006 by CanarySim
"PROPLUS" = Microsoft Office Professional Plus 2007
"splashtop" = VAIO Quick Web Access
"TIPP10_is1" = TIPP10 Version 2.1.0
"Ultimate Terrain - Europe" = Ultimate Terrain - Europe
"VAIO Help and Support" = 
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.03.2011 17:52:29 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FontExpert.exe, Version: 10.0.0.5,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: BtMmHook.dll, Version: 6.3.0.5600,
 Zeitstempel: 0x4c0f2c57  Ausnahmecode: 0x40000015  Fehleroffset: 0x00011958  ID des fehlerhaften
 Prozesses: 0xe60  Startzeit der fehlerhaften Anwendung: 0x01cbda856ec62d5f  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Media\FontExpert\FontExpert.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll
Berichtskennung:
 b3005276-46a9-11e0-ae1f-544249f71d1c
 
Error - 04.03.2011 18:41:57 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: InDesign.exe, Version: 7.0.0.355,
 Zeitstempel: 0x4bad00be  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x178c  Startzeit der fehlerhaften Anwendung: 0x01cbdabd52dcdd63  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe InDesign CS5\InDesign.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 9bf27912-46b0-11e0-ae1f-544249f71d1c
 
Error - 04.03.2011 18:42:31 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: InDesign.exe, Version: 7.0.0.355,
 Zeitstempel: 0x4bad00be  Name des fehlerhaften Moduls: OPTICAL KERNING.APLN, Version:
 7.0.0.355, Zeitstempel: 0x4bad0c56  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000bcfd
ID
 des fehlerhaften Prozesses: 0x1740  Startzeit der fehlerhaften Anwendung: 0x01cbdabd635b3697
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe InDesign CS5\InDesign.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Adobe InDesign CS5\Plug-ins\TEXT\OPTICAL
 KERNING.APLN  Berichtskennung: b06748a0-46b0-11e0-ae1f-544249f71d1c
 
Error - 04.03.2011 18:59:19 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: InDesign.exe, Version: 7.0.0.355,
 Zeitstempel: 0x4bad00be  Name des fehlerhaften Moduls: OPTICAL KERNING.APLN, Version:
 7.0.0.355, Zeitstempel: 0x4bad0c56  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000e1a8
ID
 des fehlerhaften Prozesses: 0x164c  Startzeit der fehlerhaften Anwendung: 0x01cbdabfc4ea31ac
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe InDesign CS5\InDesign.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Adobe InDesign CS5\Plug-ins\TEXT\OPTICAL
 KERNING.APLN  Berichtskennung: 09072578-46b3-11e0-ae1f-544249f71d1c
 
Error - 04.03.2011 19:03:17 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: InDesign.exe, Version: 7.0.0.355,
 Zeitstempel: 0x4bad00be  Name des fehlerhaften Moduls: OPTICAL KERNING.APLN, Version:
 7.0.0.355, Zeitstempel: 0x4bad0c56  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000bcf0
ID
 des fehlerhaften Prozesses: 0x1628  Startzeit der fehlerhaften Anwendung: 0x01cbdac0500d9a1a
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe InDesign CS5\InDesign.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Adobe\Adobe InDesign CS5\Plug-ins\TEXT\OPTICAL
 KERNING.APLN  Berichtskennung: 96e99121-46b3-11e0-ae1f-544249f71d1c
 
Error - 05.03.2011 18:07:30 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: InDesign.exe, Version: 7.0.0.355,
 Zeitstempel: 0x4bad00be  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16695,
 Zeitstempel: 0x4cc7ab86  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e41b  ID des fehlerhaften
 Prozesses: 0x1718  Startzeit der fehlerhaften Anwendung: 0x01cbdb7530e8421e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Adobe\Adobe InDesign CS5\InDesign.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: f68d69d0-4774-11e0-af84-544249f71d1c
 
Error - 06.03.2011 10:39:05 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FontExpert.exe, Version: 10.0.0.5,
 Zeitstempel: 0x00000000  Name des fehlerhaften Moduls: BtMmHook.dll, Version: 6.3.0.5600,
 Zeitstempel: 0x4c0f2c57  Ausnahmecode: 0x40000015  Fehleroffset: 0x00011958  ID des fehlerhaften
 Prozesses: 0x5f4  Startzeit der fehlerhaften Anwendung: 0x01cbdbfbd9705e7a  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Media\FontExpert\FontExpert.exe  Pfad
 des fehlerhaften Moduls: C:\Program Files\WIDCOMM\Bluetooth Software\SysWOW64\BtMmHook.dll
Berichtskennung:
 7c13ff9b-47ff-11e0-81d1-544249f71d1c
 
Error - 07.03.2011 10:36:03 | Computer Name = VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 10.03.2011 14:30:37 | Computer Name = VAIO | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.03.2011 15:21:15 | Computer Name = VAIO | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Adobe QT32 Server.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4bb2f299  Name des fehlerhaften Moduls: QuickTime.qts_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4cf4536a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6711bb89
ID
 des fehlerhaften Prozesses: 0xac4  Startzeit der fehlerhaften Anwendung: 0x01cbe5a1a5042e24
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Adobe\Adobe After Effects CS5\Support
 Files\32\Adobe QT32 Server.exe  Pfad des fehlerhaften Moduls: QuickTime.qts  Berichtskennung:
 e44562f3-5194-11e0-ada0-544249f71d1c
 
[ System Events ]
Error - 19.02.2011 12:48:56 | Computer Name = VAIO | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?19.?02.?2011 um 17:46:48 unerwartet heruntergefahren.
 
Error - 22.02.2011 10:34:04 | Computer Name = VAIO | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 22.02.2011 10:34:47 | Computer Name = VAIO | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 22.02.2011 10:34:56 | Computer Name = VAIO | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
Error - 22.02.2011 10:35:04 | Computer Name = VAIO | Source = cdrom | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\CdRom0 gefunden.
 
 
< End of report >
         
--- --- ---

Alt 05.04.2011, 11:22   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Firefox extrem langsam - Malware Befall vermutet - Standard

Firefox extrem langsam - Malware Befall vermutet



Was ist mit Malwarebytes?
Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle posten, die in Malwarebytes im Reiter Logdateien sichtbar sind.

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 05.04.2011, 23:08   #6
on_the_run
 
Firefox extrem langsam - Malware Befall vermutet - Standard

Firefox extrem langsam - Malware Befall vermutet



mal ware bytes:

04.04.2011
Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6255

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

03.04.2011 15:53:51
mbam-log-2011-04-03 (15-53-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166806
Laufzeit: 3 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\CE8SIIFGSU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TJHTHX1O7X (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

04.04.2011


Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6255

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.04.2011 15:37:28
mbam-log-2011-04-04 (15-37-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 427387
Laufzeit: 1 Stunde(n), 17 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Danke, Hoffe es nützt was, ja da war was gefunden worden. Ist aber weg,und noch langsam.

Alt 06.04.2011, 09:08   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Firefox extrem langsam - Malware Befall vermutet - Standard

Firefox extrem langsam - Malware Befall vermutet



Zitat:
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
Hm, warum werden diese Adobe-Seiten gesperrt?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.04.2011, 12:09   #8
on_the_run
 
Firefox extrem langsam - Malware Befall vermutet - Standard

Firefox extrem langsam - Malware Befall vermutet



Hallo,

So nun hatte ich ja ALLE Log-Files gepostet.
Stehen eine Menge Daten drin, auf alle Fälle.
Kommt jemandem etwas komisch vor dabei?

Meinst du es liegt an den Hosts-Einstellungen?
Was sagt denn die HOST Datei aus?
Kann es ja mal rausnehmen, was du geschrieben hast.

Sonst noch weitere Informationen?
Wäre echt für weitere Hilfe dankbar da ich gerne den Firefox wieder benutzen möchte. Und dafür lohnt sich ein Neuaufsetzen des System ja nicht, oder?

Grüße.

Alt 06.04.2011, 13:18   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Firefox extrem langsam - Malware Befall vermutet - Standard

Firefox extrem langsam - Malware Befall vermutet



Zitat:
Was sagt denn die HOST Datei aus?
Besagt, dass dein Rechner o.g. Adobe-Seiten "falsch" auflöst, diese Adressen auf den localhost und somit auf deinen eigenen Rechner zeigen. Folge => die Adressen sind nicht mehr erreichbar von deinem PC aus.
Erklär mir mal wie du so dein Adobe-CS5 aktiviert hast, wenn dein Rechner den Aktiveirungsserver garnicht erreichen kann
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.04.2011, 21:04   #10
on_the_run
 
Firefox extrem langsam - Malware Befall vermutet - Standard

Firefox extrem langsam - Malware Befall vermutet



Oha, ok danke.

Zwei Arbeits-PCs ...
Nen Kumpel hat es so gangbar bekommen. Jetzt weiß ich wieso.
Werd ihn nachfragen und es richten.
Wo liegt denn die HOST-Datei?

Ist ansonsten Hilfe oder Auffälliges zum Thema zu erwarten?
Oder eher nicht? Grüße.

Alt 06.04.2011, 22:55   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Firefox extrem langsam - Malware Befall vermutet - Standard

Firefox extrem langsam - Malware Befall vermutet



Zitat:
Ist ansonsten Hilfe oder Auffälliges zum Thema zu erwarten?
Oder eher nicht? Grüße.
Bei gecrackter Software sollte du das System aus Sicherheitsgründen besser formatieren und neu installieren...
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Firefox extrem langsam - Malware Befall vermutet
antivir, antivir guard, antivirus, avira, bho, browser, desktop, firefox, frage, google, internet, internet explorer, langsam, malware, mozilla, mozilla thunderbird, netzwerk, notification, plug-in, problem, registry, rootkit, rundll, scan, security, sehr langsam, software, super, syswow64, usb, wlan



Ähnliche Themen: Firefox extrem langsam - Malware Befall vermutet


  1. Mozilla Firefox extrem langsam
    Log-Analyse und Auswertung - 06.06.2015 (3)
  2. Viel Werbung Firefox Pc extrem langsam geworden...
    Log-Analyse und Auswertung - 06.10.2014 (3)
  3. Windows 7, PC extrem langsam, 50% Leerlaufauslastung, Verdacht auf Malware / Virus
    Plagegeister aller Art und deren Bekämpfung - 26.02.2014 (45)
  4. Windows XP: Extrem langsam, Verdacht auf Befall
    Log-Analyse und Auswertung - 14.02.2014 (13)
  5. Mozilla Firefox 26.00 extrem langsam
    Log-Analyse und Auswertung - 26.12.2013 (1)
  6. Firefox extrem langsam
    Log-Analyse und Auswertung - 15.12.2013 (19)
  7. Mein Firefox ist extrem langsam. Grund flashplyer?
    Plagegeister aller Art und deren Bekämpfung - 05.12.2013 (9)
  8. Malware?- PC extrem langsam-Kein Sound
    Plagegeister aller Art und deren Bekämpfung - 12.10.2013 (10)
  9. Rechner ist extrem langsam nach Befall mit Trojan.Win32.Jorik.Androm.pfm
    Log-Analyse und Auswertung - 21.05.2013 (5)
  10. Firefox bereitet Probleme, Malware vermutet
    Log-Analyse und Auswertung - 09.07.2012 (9)
  11. Laptop extrem langsam - Malware oder einfach altersschwäche?
    Log-Analyse und Auswertung - 11.04.2012 (7)
  12. Pc extrem langsam, Firefox ausgebremst, ab und an Bluescreen
    Log-Analyse und Auswertung - 15.11.2011 (20)
  13. PC extrem langsam und laut und anscheinend böse malware
    Log-Analyse und Auswertung - 26.04.2011 (1)
  14. Rechner extrem langsam G-Data findet: Win32:Malware-gen - was tun?
    Plagegeister aller Art und deren Bekämpfung - 25.09.2010 (20)
  15. Browser (Firefox,Chrome,...) extrem langsam. Virus, Malware, etc.?
    Plagegeister aller Art und deren Bekämpfung - 22.09.2010 (10)
  16. Häufige Abstürze von Firefox und PC extrem langsam -
    Log-Analyse und Auswertung - 21.06.2010 (2)
  17. Rechner extrem langsam, Viren vermutet
    Log-Analyse und Auswertung - 11.03.2008 (4)

Zum Thema Firefox extrem langsam - Malware Befall vermutet - Hallo liebes Forum, Schön das es für Notfälle so ein Forum hier gibt. Ich habe mit meinem PC (Win 7, 64Bit) Seit einpaar Tagen das Problem, dass der Firefox sehr - Firefox extrem langsam - Malware Befall vermutet...
Archiv
Du betrachtest: Firefox extrem langsam - Malware Befall vermutet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.