Trojaner-Board - PC plötzlich langsam - MB-Fund: PUP.BundleInstaller.BI

Hallo Schrauber,

hier die neuen Logs:

Eset.txt
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3229d4340acc8a4a99d5f12abc12777f
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-22 05:12:55
# local_time=2012-11-22 06:12:55 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 19174956 19174956 0 0
# compatibility_mode=5892 16776573 100 56 112958 191128011 0 0
# compatibility_mode=8192 67108863 100 0 3735 3735 0 0
# compatibility_mode=9217 16777214 75 4 18229981 18229981 0 0
# scanned=305
# found=0
# cleaned=0
# scan_time=270
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3229d4340acc8a4a99d5f12abc12777f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-22 09:18:05
# local_time=2012-11-22 10:18:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 19175274 19175274 0 0
# compatibility_mode=5892 16776573 100 56 113276 191128329 0 0
# compatibility_mode=8192 67108863 100 0 4053 4053 0 0
# compatibility_mode=9217 16777214 75 4 18230299 18230299 0 0
# scanned=272843
# found=2
# cleaned=0
# scan_time=14661
C:\Users\Manu\Downloads\SciLorsGroovesharkcomDownloader.exe a variant of Win32/Somoto.A application (unable to clean) 00000000000000000000000000000000 I
H:\Filme\Von Leo\Neuer Ordner\FableTLC.iso probably a variant of Win32/Agent.FMOJEUT trojan (unable to clean) 00000000000000000000000000000000 I
Und das neue OTL:

OTL Logfile:
Code:
OTL logfile created on: 23.11.2012 11:52:30 - Run 3

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Manu\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,99 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 63,70% Memory free

8,21 Gb Paging File | 6,43 Gb Available in Paging File | 78,34% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 278,07 Gb Total Space | 91,50 Gb Free Space | 32,91% Space Free | Partition Type: NTFS

Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32

Drive E: | 2,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive F: | 7,46 Gb Total Space | 0,20 Gb Free Space | 2,73% Space Free | Partition Type: FAT32

Drive G: | 1,87 Gb Total Space | 1,59 Gb Free Space | 85,37% Space Free | Partition Type: FAT

 

Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.11.21 12:13:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe

PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

PRC - [2012.08.08 10:53:54 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.05.09 10:10:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

PRC - [2012.05.09 10:10:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

PRC - [2012.03.01 01:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2011.12.18 20:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

PRC - [2011.12.18 20:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

PRC - [2011.12.15 18:29:42 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe

PRC - [2011.12.15 18:29:42 | 000,104,712 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe

PRC - [2008.02.28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

PRC - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) -- C:\Windows\SysWOW64\IoctlSvc.exe

PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2011.12.15 18:29:42 | 000,510,464 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn.exe

MOD - [2011.12.15 18:29:42 | 000,104,712 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\openvpn-gui-1.0.3.exe

MOD - [2011.12.15 18:29:42 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\OpenVPN\bin\lzo2.dll

 

 
 ========== Services (SafeList) ==========

 

SRV:64bit: - [2011.11.03 15:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)

SRV:64bit: - [2008.01.21 03:47:32 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)

SRV - [2012.10.28 13:50:55 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.10.09 11:21:35 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.05.09 10:10:52 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)

SRV - [2012.05.09 10:10:51 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)

SRV - [2012.03.01 01:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2011.12.18 20:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)

SRV - [2011.12.15 18:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)

SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2008.10.29 15:11:26 | 000,071,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe -- (resetWinService)

SRV - [2006.12.19 09:30:26 | 000,081,920 | ---- | M] (Prolific Technology Inc.) [Auto | Running] -- C:\Windows\SysWOW64\IoctlSvc.exe -- (PLFlash DeviceIoControl Service)

SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe -- (x10nets)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.11.20 17:55:23 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)

DRV:64bit: - [2012.11.20 17:55:23 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.05.13 13:13:47 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)

DRV:64bit: - [2012.05.09 10:10:52 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)

DRV:64bit: - [2012.05.09 10:10:52 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)

DRV:64bit: - [2012.02.29 14:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2011.12.15 18:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)

DRV:64bit: - [2011.11.03 15:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)

DRV:64bit: - [2011.09.16 15:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)

DRV:64bit: - [2011.05.07 16:51:34 | 000,448,088 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\vsdatant.sys -- (Vsdatant)

DRV:64bit: - [2009.10.01 01:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)

DRV:64bit: - [2008.11.13 15:47:06 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)

DRV:64bit: - [2008.10.04 00:17:30 | 000,184,320 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)

DRV:64bit: - [2008.05.19 12:45:42 | 000,448,000 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\netr28x.sys -- (netr28x)

DRV:64bit: - [2006.11.15 15:11:20 | 000,015,768 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\x10hid.sys -- (X10Hid)

DRV:64bit: - [2006.11.02 15:11:14 | 000,012,160 | ---- | M] (hxxp://www.internals.com) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\WinIo.sys -- (WINIO)

DRV:64bit: - [2006.11.02 08:48:50 | 000,326,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ati2mpad.sys -- (ati2mpad)

DRV:64bit: - [2006.09.18 22:28:52 | 001,539,488 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ialmnt5.sys -- (ialm)

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..extensions.enabledAddons: client@anonymox.net:0.9.9

FF - prefs.js..extensions.enabledAddons: de_DE@dicts.j3e.de:20120628

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.04.25 18:31:12 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.04.25 18:15:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.28 13:50:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.28 13:50:50 | 000,000,000 | ---D | M]

 

[2012.04.01 19:05:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Extensions

[2012.11.22 16:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\dh8jvyoq.default\extensions

[2012.06.29 13:00:39 | 000,000,000 | ---D | M] (WÃ¶rterbuch Deutsch (de-DE), Hunspell-unterstÃ¼tzt) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\dh8jvyoq.default\extensions\de_DE@dicts.j3e.de

[2012.05.05 16:41:20 | 000,363,041 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\dh8jvyoq.default\extensions\client@anonymox.net.xpi

[2012.11.22 16:25:11 | 000,804,737 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\dh8jvyoq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.10.28 13:50:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.10.28 13:50:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.08.29 19:35:50 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - HKCU..\Run: [Adobe Reader Synchronizer] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: everestpoker.net ([account] https in Trusted sites)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 132.231.51.4 132.231.1.24

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08AFBD90-BE76-4893-BCC3-660FCC518899}: DhcpNameServer = 132.231.51.4 132.231.1.24

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{395BDD3F-CAA8-47DB-AA99-8EBDD2E734E3}: DhcpNameServer = 132.231.51.4 132.231.1.24

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B6C760D-F6C1-46F8-8D4E-F7DB36606212}: DhcpNameServer = 192.168.2.1

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Manu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Manu\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]

O32 - AutoRun File - [2009.05.23 18:26:32 | 001,713,448 | ---- | M] () - E:\Autorun.exe -- [ UDF ]

O32 - AutoRun File - [2006.03.02 16:58:48 | 000,000,047 | ---- | M] () - E:\Autorun.inf -- [ UDF ]

O33 - MountPoints2\{d047e0da-7c1e-11e1-b22f-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{d047e0da-7c1e-11e1-b22f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2009.05.23 18:26:32 | 001,713,448 | ---- | M] ()

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.11.23 11:49:04 | 000,000,000 | ---D | C] -- C:\Users\Manu\Desktop\Neuere

[2012.11.22 18:02:39 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Manu\Desktop\esetsmartinstaller_enu.exe

[2012.11.22 14:26:14 | 000,000,000 | ---D | C] -- C:\Users\Manu\Desktop\Alte Logs

[2012.11.22 14:11:18 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices

[2012.11.22 14:11:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Portable Devices

[2012.11.22 12:48:56 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Manu\Desktop\aswMBR.exe

[2012.11.21 17:53:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation

[2012.11.21 16:59:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN

[2012.11.21 16:59:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES

[2012.11.21 16:59:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES

[2012.11.21 16:59:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES

[2012.11.21 16:59:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES

[2012.11.21 16:59:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN

[2012.11.21 15:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2012.11.21 14:46:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders

[2012.11.21 12:13:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe

[2012.11.21 10:56:21 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2012.11.20 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\Documents\Anno 1404

[2012.11.20 17:56:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Ubisoft

[2012.10.28 13:50:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.10.27 13:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free M4a to MP3 Converter

[2012.10.27 13:59:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free M4a to MP3 Converter

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.11.23 11:48:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.11.23 11:48:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.11.23 11:21:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012.11.23 10:12:35 | 001,655,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.11.23 10:12:35 | 000,707,348 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.11.23 10:12:35 | 000,662,302 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.11.23 10:12:35 | 000,160,204 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.11.23 10:12:35 | 000,131,188 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.11.23 10:05:06 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.11.23 10:05:06 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.11.23 10:04:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.11.22 18:02:41 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Manu\Desktop\esetsmartinstaller_enu.exe

[2012.11.22 17:26:30 | 000,000,512 | ---- | M] () -- C:\Users\Manu\Desktop\MBR.dat

[2012.11.22 14:14:58 | 000,470,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012.11.22 14:07:39 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2012.11.22 14:06:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2012.11.22 13:57:36 | 000,024,176 | ---- | M] () -- C:\Users\Manu\Desktop\Unterrichtsprinzipien (Rinschede).odt

[2012.11.22 13:36:22 | 001,635,420 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.11.22 12:54:53 | 000,008,798 | ---- | M] () -- C:\Windows\SysWow64\icrav03.rat

[2012.11.22 12:54:53 | 000,008,798 | ---- | M] () -- C:\Windows\SysNative\icrav03.rat

[2012.11.22 12:54:53 | 000,001,988 | ---- | M] () -- C:\Windows\SysWow64\ticrf.rat

[2012.11.22 12:54:53 | 000,001,988 | ---- | M] () -- C:\Windows\SysNative\ticrf.rat

[2012.11.22 12:54:31 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf

[2012.11.22 12:54:25 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

[2012.11.22 12:49:33 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Manu\Desktop\aswMBR.exe

[2012.11.22 12:48:19 | 000,543,531 | ---- | M] () -- C:\Users\Manu\Desktop\adwcleaner.exe

[2012.11.21 14:38:21 | 000,000,020 | ---- | M] () -- C:\Users\Manu\defogger_reenable

[2012.11.21 12:47:21 | 000,050,477 | ---- | M] () -- C:\Users\Manu\Desktop\Defogger.exe

[2012.11.21 12:13:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe

[2012.11.20 17:55:23 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys

[2012.11.20 17:55:23 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys

[2012.11.04 17:13:21 | 000,080,954 | ---- | M] () -- C:\Users\Manu\Desktop\Zusammenfassung Zepp.odt

[2012.11.03 13:58:26 | 000,433,141 | ---- | M] () -- C:\Users\Manu\Desktop\stadtgeographie2.pdf

[2012.11.03 13:57:31 | 000,408,617 | ---- | M] () -- C:\Users\Manu\Desktop\stadtgeographie.pdf

[2012.10.26 12:23:11 | 000,033,863 | ---- | M] () -- C:\Users\Manu\Desktop\Kurze Zusammenfassung Zepp.odt

[1 C:\*.tmp files -> C:\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.11.22 17:26:30 | 000,000,512 | ---- | C] () -- C:\Users\Manu\Desktop\MBR.dat

[2012.11.22 14:07:39 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf

[2012.11.22 14:06:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_07_00.Wdf

[2012.11.22 12:54:31 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf

[2012.11.22 12:54:25 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf

[2012.11.22 12:48:09 | 000,543,531 | ---- | C] () -- C:\Users\Manu\Desktop\adwcleaner.exe

[2012.11.21 14:38:20 | 000,000,020 | ---- | C] () -- C:\Users\Manu\defogger_reenable

[2012.11.21 12:47:13 | 000,050,477 | ---- | C] () -- C:\Users\Manu\Desktop\Defogger.exe

[2012.11.21 00:20:09 | 000,473,762 | ---- | C] () -- C:\Users\Manu\Desktop\Manual.pdf

[2012.11.20 17:55:23 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys

[2012.11.20 17:55:23 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys

[2012.11.20 14:29:10 | 000,024,176 | ---- | C] () -- C:\Users\Manu\Desktop\Unterrichtsprinzipien (Rinschede).odt

[2012.11.03 13:58:24 | 000,433,141 | ---- | C] () -- C:\Users\Manu\Desktop\stadtgeographie2.pdf

[2012.11.03 13:57:29 | 000,408,617 | ---- | C] () -- C:\Users\Manu\Desktop\stadtgeographie.pdf

[2012.10.26 12:36:25 | 000,080,954 | ---- | C] () -- C:\Users\Manu\Desktop\Zusammenfassung Zepp.odt

[2012.10.26 12:22:42 | 000,033,863 | ---- | C] () -- C:\Users\Manu\Desktop\Kurze Zusammenfassung Zepp.odt

[2012.09.17 21:39:25 | 000,013,250 | ---- | C] () -- C:\Users\Manu\.recently-used.xbel

[2012.07.11 12:19:47 | 000,001,685 | ---- | C] () -- C:\Users\Manu\gsview64.ini

[2012.06.04 19:05:25 | 001,635,420 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2012.05.11 11:57:50 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe

[2012.05.11 11:57:50 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe

[2012.04.24 15:55:10 | 000,146,304 | ---- | C] () -- C:\Windows\hpoins18.dat

[2012.04.24 15:53:30 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat

[2012.04.11 19:36:58 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini

[2012.04.11 19:36:37 | 000,001,024 | ---- | C] () -- C:\Users\Manu\.rnd

[2012.04.11 19:11:54 | 000,179,220 | ---- | C] () -- C:\Windows\hpoins29.dat

[2012.04.11 19:11:54 | 000,000,986 | ---- | C] () -- C:\Windows\hpomdl29.dat

[2012.04.06 09:55:56 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2012.04.06 09:55:10 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2012.04.06 09:54:21 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2012.04.03 14:48:30 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2012.04.02 20:16:16 | 000,000,635 | ---- | C] () -- C:\Windows\Rtcw.INI

[2012.04.02 16:07:06 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe

[2012.04.01 19:34:35 | 000,000,680 | ---- | C] () -- C:\Users\Manu\AppData\Local\d3d9caps.dat

[2012.04.01 19:33:46 | 000,000,552 | ---- | C] () -- C:\Users\Manu\AppData\Local\d3d8caps.dat

[2012.04.01 19:25:26 | 000,054,784 | ---- | C] () -- C:\Users\Manu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.04.01 18:45:39 | 000,000,732 | ---- | C] () -- C:\Users\Manu\AppData\Local\d3d9caps64.dat

[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

 
 ========== ZeroAccess Check ==========

 

[2006.11.02 16:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.08 18:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.04.11 08:11:14 | 000,891,392 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008.01.21 03:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2012.07.08 17:17:35 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Audacity

[2012.04.02 20:25:05 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\CheckPoint

[2012.05.13 13:12:54 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\DAEMON Tools Lite

[2012.06.04 13:22:20 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Diercke Globus Online

[2012.09.17 21:39:25 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\gtk-2.0

[2012.04.02 21:44:25 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\OpenOffice.org

[2012.11.20 17:56:39 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Ubisoft

 
 ========== Purity Check ==========

 

 
 

< End of report >
--- --- ---

Direkt nach dem Eset-Scan war der Laptop noch langsamer und lief nur noch sehr "ruckelig". Nach einem Neustart war die Geschwindigkeit dann allerdings wieder wie zuvor.

Vielen Dank für deine Bemühungen und beste Grüße
Claypipe